<p>My charitable organization people are in VLAN 12. The hospital is in VLAN 11. They both connect via fiber to a 3560G. Right now, 11 and 12 can see all of the other person's network. I want to make it so 12 cannot see 11.</p>
<p>12 Trunks out of Int G0/1 on its 3560 (Charity3560), which goes to the 3560G (port G0/4) and 11 is on port G0/5 of the 3560G.</p>
<p>The trick: Other buildings are ALSO in Vlan 12. They need to see VLAN 11, but just not the people in Charity.</p>
<p>I tried (issued on Charity3560):</p>
<p>int g0/1</p>
<p>switchport trunk allowed vlan except 11</p>
<p>But I could still ping devices in VLAN 11. Am I missing something? Or am I not completely understanding VLANs?</p>
<p>Thank you!</p>