To stop communication among VLANs at L3

Unanswered Question

Hi,

I created VLANs on an L3 switch (3560) and am able to route all the VLANs to the internet using a router.

internet...>router(natting)...>Switch(L3 3560 with 5 vlans).


All seems to be working fine where I want to use different VLANs and access the internet. Now the 5 VLANs created on the L3 switch are able to access each other as well. Do let me know what I am missing.


E.g. VLAN 2 (192.168.1.0/24) and VLAN 3 (192.168.2.0/24) are able to go to the internet, as IP routing is enabled on the switch and the backward route is defined on the router. But users on VLAN 2 are also able to access the VLAN 3 network, which I don't want.


My first purpose, to get all VLANs to the internet, has been solved, but the second one, securing the VLANs, is still there.


Please help.


Reg,

Sushil

Overall Rating: 5 (2 ratings)
Jon Marshall Thu, 04/24/2008 - 02:10
Sushil


You need to apply ACLs to your VLAN interfaces, e.g.


access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255

etc for each vlan

access-list 101 permit ip any any


The permit ip any any at the end of the access-list is for internet access.


int vlan 2

ip access-group 101 in


You need to do this for each of your internal vlans.


Jon
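
The per-VLAN ACL pattern from the answer above, as an added example that is not part of any post in this thread: it generates one inbound ACL per SVI and checks sample packets against IOS first-match semantics. The VLAN 4 subnet and the ACL numbering beyond 101 are assumptions; only the VLAN 2 and VLAN 3 subnets come from the thread.

```python
import ipaddress

# VLAN 2 and 3 subnets are from the thread; VLAN 4 is a constructed placeholder.
VLANS = {2: "192.168.1.0/24", 3: "192.168.2.0/24", 4: "192.168.3.0/24"}
ANY = ipaddress.ip_network("0.0.0.0/0")

def build_rules(vlan_id, vlans):
    """Inbound rules for one SVI: deny own subnet to every other VLAN, then permit."""
    src = ipaddress.ip_network(vlans[vlan_id])
    rules = [("deny", src, ipaddress.ip_network(cidr))
             for vid, cidr in sorted(vlans.items()) if vid != vlan_id]
    rules.append(("permit", ANY, ANY))  # internet access; must stay last
    return rules

def render(vlan_id, acl_no, rules):
    """Emit IOS lines in the form used in the answer (wildcard = inverted netmask)."""
    def term(net):
        return "any" if net == ANY else f"{net.network_address} {net.hostmask}"
    lines = [f"access-list {acl_no} {action} ip {term(s)} {term(d)}"
             for action, s, d in rules]
    return lines + [f"interface Vlan{vlan_id}", f" ip access-group {acl_no} in"]

def evaluate(rules, src_ip, dst_ip):
    """First matching rule wins; falling off the end is the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in rules:
        if s in src and d in dst:
            return action
    return "deny"

def full_config(vlans, first_acl=101):
    """One ACL per VLAN; the numbering 101, 102, ... is an assumption."""
    out = []
    for i, vid in enumerate(sorted(vlans)):
        out += render(vid, first_acl + i, build_rules(vid, vlans))
    return out

if __name__ == "__main__":
    print("\n".join(full_config(VLANS)))
    r = build_rules(2, VLANS)
    for dst in ("192.168.2.20", "192.168.3.20", "8.8.8.8"):
        print("192.168.1.10 ->", dst, evaluate(r, "192.168.1.10", dst))
```

Reversing the rule order so that the permit comes first lets VLAN 2 reach VLAN 3 again, which is why the deny lines must precede `permit ip any any`.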

ilnaiduccna Thu, 04/24/2008 - 02:34
Hi jon,


Sorry for the interruption, I have one doubt about your post, that is, you said that


"You need to apply ACLs to your VLAN interfaces"


Actually, we can define ACLs at L3 as per IPs, am I right? Is it enough?


Sorry if there are any mistakes.


Regards,

Naidu.

Jon Marshall Thu, 04/24/2008 - 02:49
Naidu


Not sure I understand. The ACLs are using IP addresses, but the VLAN interfaces are the SVIs (Switched Virtual Interfaces), which are the L3 interfaces on an L3 switch.


Jon

ilnaiduccna Thu, 04/24/2008 - 03:05

Jon,


Yes, you're clear, but I am just a bit confused.


Regards,

Naidu.
