Inter-VLAN routing

Unanswered Question
Sep 22nd, 2008

I had to configure several VLANs on a CAT4510; all VLANs had to see the server VLAN. The customer doesn't want any VLAN to see the other VLANs (only the server VLAN).

How can I do this?

m-haddad Mon, 09/22/2008 - 13:13

Hello,


You can create an ACL and apply it inbound on each VLAN interface. In the ACL, allow communication to the servers subnet and deny everything else to the RFC 1918 networks.


Hope this helps,


Regards,

Appreciate your rating,
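
Added example (not part of the original posts): a small Python model of the inbound SVI ACL suggested above, written in IOS extended-ACL syntax and evaluated with first-match semantics against constructed addresses. The server subnet 192.168.10.0/24, the client address and the closing `permit ip any any` are assumptions, not values from the thread.

```python
import ipaddress

# Assumed addressing (not from the thread): servers live in 192.168.10.0/24.
# Entry 1 allows the server subnet, entries 2-4 block the RFC 1918 ranges.
ACL_TEXT = """
permit ip any 192.168.10.0 0.0.0.255
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip any any
"""

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def take_field(tokens):
    """Consume one address field: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (to_int(tokens[1]), 0), tokens[2:]
    return (to_int(tokens[0]), to_int(tokens[1])), tokens[2:]

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' lines into an ordered rule list."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        src, rest = take_field(tokens[2:])
        dst, rest = take_field(rest)
        rules.append((tokens[0], src, dst))
    return rules

def field_matches(ip, field):
    addr, wild = field
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return (to_int(ip) | wild) == (addr | wild)

def evaluate(rules, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, s, d in rules:
        if field_matches(src, s) and field_matches(dst, d):
            return action
    return "deny"

if __name__ == "__main__":
    for dst in ("192.168.10.5", "192.168.3.7", "10.1.2.3", "8.8.8.8"):
        print(dst, evaluate(parse_acl(ACL_TEXT), "192.168.2.10", dst))
```

The order matters: if the server-subnet permit came after the 192.168.0.0/16 deny, the deny would match first and the servers would be unreachable.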


Rafael Jimenez Mon, 09/22/2008 - 14:21

OK, what about CPU usage?

Is it possible to use VLAN maps (VLAN ACLs)?

Thanks

Rafael Jimenez Sun, 09/28/2008 - 17:50

Hi, can you tell me if this works this way...

======

ip access-list extended intervlan_2_3_acl
 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

vlan access-map intervlan_map
 match ip address intervlan_2_3_acl
 action drop

ip access-list extended intervlan_2_4_acl
 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255

vlan access-map intervlan_map
 match ip address intervlan_2_4_acl
 action drop

ip access-list extended intervlan_others_acl
 permit ip any any

vlan access-map intervlan_map
 match ip address intervlan_others_acl
 action forward

vlan filter intervlan_map vlan-list 1-4


thanks

Rafael Jimenez Sun, 09/28/2008 - 18:36

Doing some research... I believe this will work better...

ip access-list extended intervlan_1_acl
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip any 192.168.1.0 0.0.0.255

vlan access-map intervlan_1_map
 match ip address intervlan_1_acl
 action drop

vlan access-map intervlan_1_map
 action forward

vlan filter intervlan_1_map vlan-list 1




Marwan ALshawi Sun, 09/28/2008 - 21:52

Let me give a small note:

A normal ACL (routed ACL, RACL) is used to control traffic between VLANs in a switch, while a VLAN ACL (VACL), which you referred to as a VLAN map, can be used between VLANs but is also useful for filtering traffic within the same VLAN.

In your case you can create a normal ACL (RACL) that filters traffic between VLANs and apply it on the VLAN interface (the SVI) on your L3 switch, like:

interface vlan x
 ip access-group ..... in

If helpful, rate.

m-haddad Mon, 09/29/2008 - 09:03

The above will deny any traffic to anywhere from 192.168.1.0/24. I don't think this is your target. You said you want to deny intervlan traffic right? Not everything from that VLAN?


