Controlling inter VLAN routing

Feb 21st, 2008


We have an L3 switch on which routing is enabled. We have different VLANs, and we need to give access from some VLANs to other VLANs and deny access from some other VLANs to other VLANs. But all of those VLANs should have a default gateway VLAN to which our router with WAN connectivity is connected.

Can we put access lists, just like on a router, on each VLAN interface in the L3 switch? We have given IP addresses of different subnets to each VLAN.

Any link on this is appreciated.

Please share any experience.

Thanks in advance


Istvan_Rabai Fri, 02/22/2008 - 22:27

Hi Bapat,

The method you described will work for you reliably.

For the hosts of each vlan the default gateway address is the ip address of the L3 switch vlan interface of that vlan.

You can use extended ip access-lists to filter traffic between vlans as desired.

For denied traffic, use the access-lists as close as possible to the source of the traffic, so the traffic does not travel across the network just to be denied at the destination subnet.

This way you will save a lot of bandwidth for your network.

Specifically, it is best to apply the access-lists to the vlan interface of the L3 switch for each vlan like this:

interface vlan 1
 ip access-group 101 in
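A fuller configuration for the setup discussed in this thread, added here as an example and not part of either post. The VLAN numbers, subnets, ACL numbers 110 and 130, and the router address are constructed assumptions.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 10 users    192.168.10.0/24   SVI 192.168.10.1
!   VLAN 20 servers  192.168.20.0/24   SVI 192.168.20.1
!   VLAN 30 finance  192.168.30.0/24   SVI 192.168.30.1
!   VLAN 99 transit  192.168.99.0/24   SVI 192.168.99.2, WAN router 192.168.99.1
ip routing
! Default route points at the WAN router in the transit VLAN
ip route 0.0.0.0 0.0.0.0 192.168.99.1
!
! Traffic sourced from VLAN 10, filtered as it enters the switch
access-list 110 remark VLAN10 may reach servers, not finance
access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 110 deny   ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
! Everything else, including traffic following the default route
access-list 110 permit ip any any
!
! Traffic sourced from VLAN 30
access-list 130 remark VLAN30 may reach servers, not users
access-list 130 permit ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 130 deny   ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 130 permit ip any any
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip access-group 110 in
!
interface Vlan30
 ip address 192.168.30.1 255.255.255.0
 ip access-group 130 in
!
! No ACL on the server or transit SVIs in this example
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
!
interface Vlan99
 ip address 192.168.99.2 255.255.255.0
```

These ACLs are stateless, so a deny in one direction also drops the replies to sessions opened from the other side; here both directions between VLAN 10 and VLAN 30 are denied on purpose. `show access-lists 110` displays per-entry match counters that confirm which lines traffic is hitting.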



