
Pruning a VLAN

toddnh65a
Level 1

My charitable organization people are in VLAN 12.  The hospital is in VLAN 11.  They both connect via fiber to a 3560G.  Right now, 11 and 12 can see all of the other person's network.  I want to make it so 12 cannot see 11.

12 Trunks out of Int G0/1 on its 3560 (Charity3560), which goes to the 3560G (port G0/4) and 11 is on port G0/5 of the 3560G.

The trick:  Other buildings are ALSO in Vlan 12.  They need to see VLAN 11, but just not the people in Charity.

I tried (issued on Charity3560):

int g0/1

switchport trunk allowed vlan except 11

But I could still ping devices in VLAN 11.  Am I missing something?  Or am I not completely understanding VLANs?

Thank you!

1 Reply

Roberto Salazar
Level 8

You are trying to block L3 traffic (since it's being switched from one vlan to the other) by means of blocking at layer 2.  If you are trying to prevent a host in vlan 11 in 3560A from talking to a host in vlan 11 in 3560B by clearing vlan 11 on the trunk port on both switches, then this method would work.  For your needs and requirements, I am afraid you will need to create an ACL that blocks traffic from vlan 11 to vlan 12 or vice versa.
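
One way to apply the ACL suggested in the reply above so that only Charity is cut off from VLAN 11 while other VLAN 12 buildings are untouched. This is an added example, not part of the original thread: it uses an inbound port ACL on the 3560G port facing Charity3560 (G0/4, from the question). The subnet 10.0.11.0/24 and the ACL name are assumed placeholders, since the thread does not give the VLAN 11 addressing.

```cisco
! ---- On the 3560G (not on Charity3560) ----
! The attempt in the question, "switchport trunk allowed vlan except 11",
! only stops VLAN 11 frames from being carried on the Charity trunk.
! Charity hosts sit in VLAN 12 and reach VLAN 11 through routing, so the
! filter has to match on IP, not on the VLAN tag.
!
! ASSUMPTION: 10.0.11.0/24 stands in for the real VLAN 11 (hospital) subnet.
! ASSUMPTION: CHARITY-NO-VLAN11 is an illustrative ACL name.
ip access-list extended CHARITY-NO-VLAN11
 remark Drop IP traffic arriving from Charity that is destined to VLAN 11
 deny   ip any 10.0.11.0 0.0.0.255
 remark Leave all other Charity traffic alone
 permit ip any any
!
! Port ACL on the Layer 2 trunk that leads to Charity3560 G0/1.
! On a trunk port it filters every VLAN carried on the trunk, and it is
! applied inbound only. Other buildings in VLAN 12 enter the 3560G on
! different ports, so they are not matched by this ACL.
interface GigabitEthernet0/4
 description Trunk to Charity3560 Gi0/1
 ip access-group CHARITY-NO-VLAN11 in
!
! ---- Verification ----
! Confirm the ACL contents and that it is bound to the port
show access-lists CHARITY-NO-VLAN11
show running-config interface GigabitEthernet0/4
! Then repeat the ping from a Charity host to a VLAN 11 address (it should
! now fail) and from another VLAN 12 building (it should still succeed).
```

If Charity hosts depend on a service that lives in VLAN 11, such as DHCP or DNS, a specific permit entry for that server has to be placed above the deny line.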
