Inter vlan routing

Unanswered Question
Sep 22nd, 2008
User Badges:

I had to configure several vlans on a CAT4510, all vlan had to see the server vlan. The customer dont want that one vlan see other vlans (only with the servers vlan).

How can I do this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
m-haddad Mon, 09/22/2008 - 13:13
User Badges:
  • Silver, 250 points or more


You can create an ACL and apply inbound on each VLAN interface. In the ACL allow communication to the servers subnet and deny everything else to the RFC 1918 networks.

Hope this helps,


Appreciate you rating,

Rafael Jimenez Mon, 09/22/2008 - 14:21
User Badges:

ok, what about CPU usage?.

Is possible use VLAN MAPS (VLAN ACL)?.


Rafael Jimenez Sun, 09/28/2008 - 17:50
User Badges:

Hi, can you tell me if this work in this way...


ip access-list extended intervlan_2_3_acl

permit ip

vlan access-map intervlan_map

match ip address intervlan_2_3_acl

action drop

ip access-list extended intervlan_2_4_acl

permit ip

vlan access-map intervlan_map

match ip address intervlan_2_4_acl

action drop

ip access-list extended intervlan_others_acl

permit ip any any

vlan access-map intervlan_map

match ip rest-intervlan_acl

action forward

vlan filter intervlan_map vlan-list 1-4


Rafael Jimenez Sun, 09/28/2008 - 18:36
User Badges:

doing some research.. I believe this will work better...

ip access-list extended intervlan_1_acl

permit ip any

permit any ip

vlan access-map intervlan_1_map

match ip address intervlan_1_acl

action drop

vlan access-map intervlan_1_map

action forward

vlan filter intervlan_1_map vlan-list 1

Marwan ALshawi Sun, 09/28/2008 - 21:52
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

let me give small note:

normal acl routed acl RACL

used to control traffic between vlans in a switch

while vlan ACL VACL as u referd it vlan map this can be used between vlans but it is useful to filter traffic withing the same vlan as well

in ur case u can creat normal ACL RACL that filter traffic between vlans and apply it on the vlan interface on ur L3 switch on the SVI

like interface vlan x

access-group in .....

if helpful Rate

m-haddad Mon, 09/29/2008 - 09:03
User Badges:
  • Silver, 250 points or more

The above will deny any traffic to anywhere from I don't think this is your target. You said you want to deny intervlan traffic right? Not everything from that VLAN?


This Discussion