4503 switch vlans

Unanswered Question
Feb 17th, 2008

I have created 8 VLANs on two 4503 switches which are on HSRP, but now I want to stop their inter-VLAN communication, as they are all able to ping each other. How can I stop them? They should still be able to communicate with the server zone VLAN, which is one of those 8 VLANs.

Istvan_Rabai Sun, 02/17/2008 - 04:50

Hi Jagdev,

You may use access-lists to deny traffic between the vlans, but allow traffic from all vlans to a specific vlan, where the servers are located.

For example:

Vlan x has the subnet x.x.x.x x.x.x.x

The server vlan y has the subnet y.y.y.y y.y.y.y

The access-list:

access-list 101 permit ip x.x.x.x x.x.x.x y.y.y.y y.y.y.y

(implicit "deny ip any any" at the end, so you don't have to add it to the access-list)

Apply this access-list to the vlan x interface of subnet x.x.x.x x.x.x.x :

interface vlan x
 ip access-group 101 in

By applying similar access-lists to all 7 vlan interfaces (except interface vlan y, the server vlan) you achieve the desired result.



jagdev.dhaliwal Sun, 02/17/2008 - 05:17

Is there any other option available, or is this the only one? And I am already using access list 101.

Istvan_Rabai Sun, 02/17/2008 - 08:40


If access-list 101 is already in use, you can use 102 to 108 for the 7 different vlans and subnets.

I think this is the simplest method of solving your issue.



