stopping vlan routing on 6509 for one specific vlan.

Answered Question

I want to setup a CUCM lab environment on a seperate vlan but want to take advantage of the POE ports on my 6509. Is there an easy way to create a new vlan but not have it be automatically routed. I don't want any possiblity of the lab CUCM interfering with the production CUCM. In other words I want to create a network that is completely self contained with no access to other vlans on my 6509. I was thinking about using an access list but wanted to get some other opinions to see if that was the best idea.


Thanks in advance for any advice.


Steve

Correct Answer by Edison Ortiz about 8 years 2 months ago

Steve,


You can create a Layer2 Vlan on the switch and assign those switchports to the newly created Vlan.


As long as you don't create a SVI (Switch Virtual Interface) for such Vlan, no routing will occur.


HTH,


__


Edison.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
MATTHEW BECK Tue, 12/30/2008 - 07:35
User Badges:

Hi,

Perhaps I'm misunderstanding your question, but if you don't put an IP address on the VLAN interface of the 6509, there is no routing capability. You won't be able to get in or out of the VLAN, but it will prevent that subnet from interacting with other VLANs/subnets.


If you need to get in and out of the VLAN for certain services you could use an ACL like you mentioned or drop a spare firewall in there too. Configure the hosts to use the fw as the gateway and it controls what is permitted up to the 6509.


I hope this helps.


Matt

Correct Answer
Edison Ortiz Tue, 12/30/2008 - 07:36
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Steve,


You can create a Layer2 Vlan on the switch and assign those switchports to the newly created Vlan.


As long as you don't create a SVI (Switch Virtual Interface) for such Vlan, no routing will occur.


HTH,


__


Edison.

mlund Tue, 12/30/2008 - 07:37
User Badges:
  • Silver, 250 points or more

Hi Steve


You can create a layer2 vlan, and leave it that way. Do not create the layer3 interface for the vlan.


/Mikael

Actions

This Discussion