I have 4 VLANs: Vlan-2 (192.168.2.0/24), Vlan-3 (192.168.3.0/24), Vlan-4 (192.168.4.0/24) and Vlan-5 (192.168.5.0/24).
I'm using a Cisco 3750 to do all my layer 3 traffic.
My Network Design:
I have enabled switchport trunk encapsulation dot1q on int fa1/0/2, created the VLANs and allowed all VLANs to pass through interface fa1/0/2.
From fa1/0/2 I connected to an L2 switch, enabled trunking on the L2 switch and associated different ports with different VLANs.
What would be the easiest way to use ACLs to prevent any VLAN from talking to any other VLAN?
Thanks in advance for your help.
You don't say what the LAN server address is, but assuming it isn't on one of the 4 VLANs:
So from the perspective of VLAN 2:
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 101 permit ip any any
int vlan 2
ip access-group 101 in
and then you need to repeat the above from the perspective of each of your VLANs, i.e.
access-list 102 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
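The per-VLAN pattern the reply describes, written out for all four VLANs as an added example (this is not code from the original thread): a small Python script that generates the IOS lines and then checks them with a wildcard-mask matcher on constructed sample flows, including a server address outside the four subnets. The ACL numbering (99 + VLAN id) and the 10.0.0.5 server address are assumptions.

```python
import ipaddress
# Constructed from the question: VLAN id -> subnet.
VLANS = {2: "192.168.2.0/24", 3: "192.168.3.0/24",
         4: "192.168.4.0/24", 5: "192.168.5.0/24"}

def wildcard(net):
    """Subnet as IOS writes it: 'network wildcard', e.g. '192.168.2.0 0.0.0.255'."""
    n = ipaddress.ip_network(net)
    return f"{n.network_address} {n.hostmask}"

def build_acls(vlans):
    """One extended ACL per VLAN: deny every other VLAN, then permit the rest so a
    server outside these subnets stays reachable. ACL number = 99 + VLAN id is an
    assumption that gives 101 for VLAN 2 and 102 for VLAN 3, as in the reply."""
    cfg = []
    for vid, net in vlans.items():
        acl = 99 + vid
        for other, onet in vlans.items():
            if other != vid:
                cfg.append(f"access-list {acl} deny ip {wildcard(net)} {wildcard(onet)}")
        cfg.append(f"access-list {acl} permit ip any any")
        cfg += [f"interface vlan {vid}", f" ip access-group {acl} in"]
    return cfg

def matches(addr, spec):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    if spec == "any":
        return True
    base, wc = spec.split()
    a, b = int(ipaddress.ip_address(addr)), int(ipaddress.ip_address(base))
    w = int(ipaddress.ip_address(wc))
    return (a & ~w) == (b & ~w)

def _take(tokens, i):
    """Read one address spec ('any' or 'net wildcard') starting at tokens[i]."""
    if tokens[i] == "any":
        return "any", i + 1
    return f"{tokens[i]} {tokens[i + 1]}", i + 2

def evaluate(cfg, acl, src, dst):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for line in cfg:
        t = line.split()
        if t[:2] != ["access-list", str(acl)]:
            continue
        s, i = _take(t, 4)            # t[3] is the protocol keyword 'ip'
        d, _ = _take(t, i)
        if matches(src, s) and matches(dst, d):
            return t[2]
    return "deny"
```

Because each ACL is applied inbound on its own SVI, it only sees packets sourced from that VLAN; the matching ACL on the other SVI blocks the return direction.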