Controlling inter VLAN routing

bapatsubodh
Level 1

Hi,

We have an L3 switch on which routing is enabled. We have different VLANs and we need to give access from some VLAN to other VLAN and deny access from some other VLAN to other VLAN. But all of those VLANs should have a default gateway VLAN to which our router with WAN connectivity is connected.

Can we put access lists, just like on a router, in the L3 switch on each VLAN interface? We have given IP addresses of different subnets to each VLAN.

Any link on cisco.com would be appreciated.

Please share any experience.

Thanks in advance

Subodh

2 Replies

Nagendra Kumar Nainar
Cisco Employee

Istvan_Rabai
Level 7

Hi Bapat,

The method you described will work for you reliably.

For the hosts of each vlan the default gateway address is the ip address of the L3 switch vlan interface of that vlan.

You can use extended ip access-lists to filter traffic between vlans as desired.

For denied traffic, use the access-lists as close as possible to the source of the traffic, so the traffic does not travel across the network just to be denied at the destination subnet.

This way you will save a lot of bandwidth for your network.

Specifically, it is best to apply the access-lists to the vlan interface of the L3 switch for each vlan like this:

interface vlan 1
 ip access-group 101 in

Cheers:

Istvan
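
An extended ACL of the kind the reply above refers to, as an added example that is not part of the original post: the VLAN numbers, subnets and ACL number 110 are constructed for illustration. It goes one step beyond the reply by showing the stateless-ACL caveat, where the `established` line lets VLAN 20 open TCP sessions to VLAN 10 while VLAN 10 cannot initiate any toward VLAN 20.

```cisco
! Constructed addressing (assumption, not from the post):
!   VLAN 10 = 10.1.10.0/24, VLAN 20 = 10.1.20.0/24, VLAN 30 = 10.1.30.0/24
!   The WAN router is reached through the switch's default route.
!
! ACL 110 filters traffic entering the switch from hosts in VLAN 10.
access-list 110 remark VLAN10 inbound policy
! Allow DHCP requests from clients that have no address yet
! (only needed when DHCP is served or relayed through this SVI).
access-list 110 permit udp any eq bootpc any eq bootps
! Allow return traffic for TCP sessions that VLAN 20 hosts opened.
! "established" matches segments with ACK or RST set; it is not a state table.
access-list 110 permit tcp 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255 established
! Block everything else from VLAN 10 to VLAN 20, close to the source.
access-list 110 deny ip 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255
! Allow VLAN 10 to reach VLAN 30 and the WAN.
access-list 110 permit ip 10.1.10.0 0.0.0.255 any
! Anything else, including packets with a source address outside
! 10.1.10.0/24, is dropped by the implicit "deny ip any any".
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip access-group 110 in
```

`show access-lists 110` lists the per-entry match counters, and `show ip interface vlan 10` confirms which ACL is bound inbound on the SVI.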
