02-21-2008 08:46 PM - edited 03-03-2019 08:49 PM
Hi,
We have an L3 switch on which routing is enabled. We have different VLANs and we need to give access from some VLANs to other VLANs and deny access from some other VLANs to other VLANs. But all of those VLANs should have a default gateway VLAN to which our router with WAN connectivity is connected.
Can we put access lists, just like on a router, on each VLAN interface of the L3 switch? We have given IP addresses of different subnets to each VLAN.
Any link on cisco.com is appreciated.
Please share any experience.
Thanks in advance
Subodh
02-21-2008 09:34 PM
Hi,
VLAN ACL may help you.
Regards,
Nagendra
02-22-2008 10:27 PM
Hi Bapat,
The method you described will work for you reliably.
For the hosts of each vlan the default gateway address is the ip address of the L3 switch vlan interface of that vlan.
You can use extended ip access-lists to filter traffic between vlans as desired.
For denied traffic, use the access-lists as close as possible to the source of the traffic, so the traffic does not travel across the network just to be denied at the destination subnet.
This way you will save a lot of bandwidth for your network.
Specifically, it is best to apply the access-lists to the vlan interface of the L3 switch for each vlan like this:
interface vlan 1
ip access-group 101 in
Cheers:
Istvan
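Added example, not part of the posts above: one way to lay out the extended access-list described in the last reply, applied inbound on the source VLAN's interface. The VLAN numbers, the 10.0.x.0/24 subnets and ACL number 110 are assumptions made for illustration.

```cisco
! Constructed addressing (assumed, not from the thread):
!   VLAN 10 = 10.0.10.0/24, VLAN 20 = 10.0.20.0/24, VLAN 30 = 10.0.30.0/24
! Goal: VLAN 10 may reach VLAN 20, may not open sessions to VLAN 30,
!       and still reaches the WAN through the router.
! Entries are matched top-down and the first match wins, so order matters.
!
access-list 110 remark DHCP requests come from 0.0.0.0 (only needed if hosts use DHCP)
access-list 110 permit udp any eq bootpc any eq bootps
access-list 110 remark VLAN 10 hosts may reach VLAN 20
access-list 110 permit ip 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255
access-list 110 remark ACLs are stateless: let replies to TCP sessions opened from VLAN 30 back out
access-list 110 permit tcp 10.0.10.0 0.0.0.255 10.0.30.0 0.0.0.255 established
access-list 110 remark Block everything else from VLAN 10 to VLAN 30
access-list 110 deny   ip 10.0.10.0 0.0.0.255 10.0.30.0 0.0.0.255
access-list 110 remark Remaining traffic from VLAN 10 addresses (WAN via the router) is allowed
access-list 110 permit ip 10.0.10.0 0.0.0.255 any
! The implicit "deny ip any any" at the end drops anything else,
! including packets with a source address outside 10.0.10.0/24.
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ! Inbound on the source VLAN: denied traffic is dropped before it is routed
 ip access-group 110 in
```

`show access-lists 110` lists the entries in evaluation order, which is the quickest way to confirm that a permit does not sit below a deny that already matches the same traffic.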