Intervlan traffic filtering

Answered Question
Jun 7th, 2008

I have a 3750 switch with intervlan routing enabled. I have created 4 VLANs: a, b, c & d. At the moment intervlan routing between all the VLANs is possible. But for security reasons I DO NOT want VLAN c & d to communicate with VLAN a & b. I want VLAN a to communicate only with VLAN b and VLAN b to communicate only with VLAN a.


Please help me to do this.

Correct Answer by Jon Marshall, Sun, 06/08/2008 - 01:42

Prasanga


As an example


a = 192.168.5.0/24

b = 192.168.6.0/24

c = 192.168.7.0/24

d = 192.168.8.0/24


access-list 101 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 101 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 101 permit ip any any


int vlan c

ip access-group 101 in


access-list 102 deny ip 192.168.8.0 0.0.0.255 192.168.5.0 0.0.0.255

access-list 102 deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 102 permit ip any any


int vlan d

ip access-group 102 in


Jon
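To check what Jon's two ACLs actually enforce before committing them to a production switch, the following script is an added example for this page (it is not from the post and not Cisco code). It parses the exact access-list lines above, applies them inbound on the SVIs the answer names, and evaluates a sample host in each of the four example subnets against every other VLAN. The VLAN names, the one-host-per-subnet sampling and the "ip"-only matcher are assumptions of this example.

```python
"""Offline check of the inter-VLAN ACL policy from Jon's answer.

Parses the IOS-style numbered ACL lines quoted in the post and evaluates
which VLAN-to-VLAN flows each SVI admits inbound. Constructed for this
page; it is not Cisco code and only models the 'ip' entries used above.
"""
import ipaddress

# ACL text copied from the answer (example subnets a..d as given there).
ACL_CONFIG = """
access-list 101 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip 192.168.8.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.8.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 102 permit ip any any
"""

# "ip access-group N in" on each SVI, as in the answer (a and b have none).
ACCESS_GROUPS = {"vlan c": 101, "vlan d": 102}

# Example subnets from the answer, used to find a packet's ingress SVI.
VLAN_SUBNETS = {
    "vlan a": ipaddress.ip_network("192.168.5.0/24"),
    "vlan b": ipaddress.ip_network("192.168.6.0/24"),
    "vlan c": ipaddress.ip_network("192.168.7.0/24"),
    "vlan d": ipaddress.ip_network("192.168.8.0/24"),
}

ALL_ONES = 0xFFFFFFFF


def parse_match(tokens):
    """Consume 'any' or 'addr wildcard'; return ((addr, care_mask), rest)."""
    if tokens[0] == "any":
        return (0, 0), tokens[1:]
    addr = int(ipaddress.ip_address(tokens[0]))
    # An IOS wildcard mask has 1 bits where the address does NOT matter,
    # so the bits we compare are its inverse.
    care = ALL_ONES ^ int(ipaddress.ip_address(tokens[1]))
    return (addr, care), tokens[2:]


def parse_acl(text):
    """Return {acl_number: [(action, proto, src_match, dst_match), ...]}."""
    acls = {}
    for line in text.strip().splitlines():
        t = line.split()
        if not t or t[0] != "access-list":
            continue
        number, action, proto = int(t[1]), t[2], t[3]
        src, rest = parse_match(t[4:])
        dst, _ = parse_match(rest)
        acls.setdefault(number, []).append((action, proto, src, dst))
    return acls


def evaluate(entries, src_ip, dst_ip):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    s = int(ipaddress.ip_address(src_ip))
    d = int(ipaddress.ip_address(dst_ip))
    for action, _proto, (saddr, smask), (daddr, dmask) in entries:
        if (s & smask) == (saddr & smask) and (d & dmask) == (daddr & dmask):
            return action
    return "deny"


def vlan_of(ip):
    a = ipaddress.ip_address(ip)
    for name, net in VLAN_SUBNETS.items():
        if a in net:
            return name
    raise ValueError(f"{ip} is not in any known VLAN subnet")


def forwards(acls, src_ip, dst_ip):
    """True if the inbound ACL on the source host's SVI admits src->dst."""
    number = ACCESS_GROUPS.get(vlan_of(src_ip))
    if number is None:
        return True  # no ACL on that SVI: the packet is routed as usual
    return evaluate(acls[number], src_ip, dst_ip) == "permit"


def policy_matrix(acls):
    """{(src_vlan, dst_vlan): bool} using one sample host per VLAN."""
    hosts = {name: str(net[10]) for name, net in VLAN_SUBNETS.items()}
    return {(s, d): forwards(acls, hosts[s], hosts[d])
            for s in hosts for d in hosts if s != d}


def session_possible(acls, vlan_x, vlan_y):
    """A TCP session needs packets forwarded in both directions."""
    m = policy_matrix(acls)
    return m[(vlan_x, vlan_y)] and m[(vlan_y, vlan_x)]


if __name__ == "__main__":
    acls = parse_acl(ACL_CONFIG)
    for (s, d), ok in sorted(policy_matrix(acls).items()):
        print(f"{s} -> {d}: {'permit' if ok else 'deny'}")
    for x, y in [("vlan a", "vlan b"), ("vlan a", "vlan c"), ("vlan c", "vlan d")]:
        print(f"session {x} <-> {y}: {session_possible(acls, x, y)}")
```

Running it shows the property the answer relies on: packets from c or d towards a or b are dropped at the c/d SVI, while a and b keep full reachability to each other and c and d still reach each other (nothing in the question asked to separate them). It also makes the stateless caveat visible: because VLAN a and b carry no inbound ACL, a host in a can still send packets into c; only the replies are dropped, so TCP sessions from a to c fail but one-way traffic such as UDP or ICMP still arrives in c. If that one-way leakage matters, mirror the deny entries inbound on the a and b SVIs as well.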

Correct Answer by padramas about 8 years 11 months ago

Hello Prasanga,

You configure ACLs to isolate the traffic.


The following link will guide you in implementing it:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swacl.html


HTH

Padmanabhan
