4503 switch vlans

jagdev.dhaliwal · ‎02-17-2008

I have created 8 vlans on two 4503 switchs which are on HSRP but now I want to stop their inter vlan communication as they all are able to ping each other how can I stop them , but they should able to communicate with server zone vlan which is one of that 8 vlans

Istvan_Rabai · ‎02-17-2008

Hi Jagdev,

You may use access-lists to deny traffic between the vlans, but allow traffic from all vlans to a specific vlan, where the servers are located.

For example:

Vlan x has the subnet x.x.x.x x.x.x.x

The server vlan y has the subnet y.y.y.y y.y.y.y

The access-list:

access-list 101 permit ip x.x.x.x x.x.x.x y.y.y.y y.y.y.y

(implicit "deny ip any any" at the end, so you don't have to add it to the access-list)

Apply this access-list to the vlan x interface of subnet x.x.x.x x.x.x.x :

interface vlan x

ip access-group 101 in

By applying similar access-lists to all 7 vlan interfaces (except interface vlan y, the server vlan) you achieve the desired result.

Cheers:

Istvan

jagdev.dhaliwal · ‎02-17-2008

is there any other option availble or this is the only one, and i already using the acees list 101

Istvan_Rabai · ‎02-17-2008

Hi,

If access-list 101 is already in use, you can use from 102 .... to 108 for the 7 different vlans and subnets.

I think this is the simplest method of solving your issue.

Cheers:

Istvan