Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1953
Views
0
Helpful
7
Replies

OSPF / VLAN

Go to solution
Amin Shaikh
Level 1
Level 1

‎01-30-2009 01:16 PM - edited ‎03-06-2019 03:46 AM

On 4500 BackBone Switch ; we have 15 VLANS, running OSPF as the routing protocol, we need to create another new VLAN (vlan 120) and the requirement is that this VLAN should not be allowed to communicate with other vlans.

As per requirement I have not added this vlan range in OSPF routing process but still other vlan are able to communicate..

Can someone explain why this is happening...

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
lamav
Level 8
Level 8

‎01-30-2009 02:08 PM

Not running OSPF on the new vlan interface simply means that LSUs from this router will not include information regarding the new vlan in its updates to the OSPF neighbors.

That means that a user sitting, say, 3 hops away, will not have a route to that network.

The reason that users on the other vlans that are configured on that 4500 switch can communicate with the new vlan is that they are all directly connected routes. You need a router/L3 switch to pass traffic from one vlan to another (inter-vlan routing). Creating SVIs for several vlans on the same switch satisfies that requirement, thereby allowing users in each of these vlans to communicate with each other.

To isolate the new vlan, you can look into using vlan maps or traditional ACLs and applying them to the vlan's SVI.

http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst4500/12.1/12.1e/configuration/guide/secure.html

HTH

Victor

View solution in original post

0 Helpful
7 Replies 7

Go to solution
rais
Level 7
Level 7

‎01-30-2009 02:02 PM

All connected VLANs on your L3 switch will communicate to each other since the new VLAN is part of routing table.

You can use a VACL, if supported on your platform or just create a VLAN without an SVI if that's possible.

Thanks.

0 Helpful

Go to solution
glen.grant
VIP Alumni
VIP Alumni
In response to rais

‎01-30-2009 04:37 PM

 As Istvan said just make it a layer  2 vlan.   Just  type in  " no interface vlan 120" .   This prevents anyone in vlan 120 from being routed anywhere else because there is no layer 3 definition .

0 Helpful

Go to solution
Istvan_Rabai
Level 7
Level 7

‎01-30-2009 02:07 PM

Hi Amin,

The solution is simple:

Do not create the vlan interface that belongs to vlan 120.

In other words, don't issue this command on the switch:

interface vlan 120

Cheers:

Istvan

0 Helpful

Go to solution
rais
Level 7
Level 7
In response to Istvan_Rabai

‎01-30-2009 02:17 PM

Istvan,

Do you mean don't assign an IP address to this interface.

Thanks.

0 Helpful

Go to solution
Istvan_Rabai
Level 7
Level 7
In response to rais

‎01-31-2009 01:10 AM

Yes, not assigning an ip address to interface vlan 120 will work work for you as well.

Cheers:

Istvan

0 Helpful

Go to solution
lamav
Level 8
Level 8

‎01-30-2009 02:08 PM

Not running OSPF on the new vlan interface simply means that LSUs from this router will not include information regarding the new vlan in its updates to the OSPF neighbors.

That means that a user sitting, say, 3 hops away, will not have a route to that network.

The reason that users on the other vlans that are configured on that 4500 switch can communicate with the new vlan is that they are all directly connected routes. You need a router/L3 switch to pass traffic from one vlan to another (inter-vlan routing). Creating SVIs for several vlans on the same switch satisfies that requirement, thereby allowing users in each of these vlans to communicate with each other.

To isolate the new vlan, you can look into using vlan maps or traditional ACLs and applying them to the vlan's SVI.

http://www.ciscosystems.com/en/US/docs/switches/lan/catalyst4500/12.1/12.1e/configuration/guide/secure.html

HTH

Victor

0 Helpful

Go to solution
Amin Shaikh
Level 1
Level 1
In response to lamav

‎02-01-2009 04:40 AM

thanks

Your input helps

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card