access restriction

Answered Question
May 18th, 2009

Hello,


I have a Cisco 4507 core switch on which I want to implement routing and VLANs through VTP. I have the 3750 distribution switch (connected to the core) on which there are several VLANs.

How can I prevent the VLANs from talking to each other?

I know of port protection, but since there is a layer 3 device it will not work.

As for private VLANs, they only work in VTP transparent mode.

Since I am using DHCP I cannot use a VLAN access map.

I cannot use the switchport allowed vlan since they are on the same switch.


Any idea will be great.

Jon Marshall Mon, 05/18/2009 - 11:34
Not entirely sure I understand what you are asking.


If you want to restrict traffic between VLANs then use normal L3 access-lists and apply them to the L3 VLAN interfaces.


If this is not what you need, could you clarify?


Jon

kolawole1 Mon, 05/18/2009 - 11:42

Hi,


Users are in the same network 172.16.10.0 /24.


Thanks

Jon Marshall Mon, 05/18/2009 - 11:48
From your original post -


"How can I prevent the VLANs from talking to each other?"


From this post -


"Users are in the same network 172.16.10.0 /24"


So could you clarify exactly what you want? You mention VLANs on the 4500 and on the 3750; how are they related? Is the 3750 switch doing inter-VLAN routing as well as the core?


People here are more than happy to help you but we need the relevant information.


Jon

kolawole1 Mon, 05/18/2009 - 12:14

Hi,

5 VLANs will be implemented on the 4500 switch and IP routing will be enabled on it. No user is connected to the 4500, only servers. Inter-VLAN routing will not be implemented on the 3750 switch. The 3750 will learn VLANs through VTP. Users on the same VLAN share the same IP address space, but I do not want them to communicate with each other; they should be able to access the server VLAN on the switch.


Correct Answer
Jon Marshall Mon, 05/18/2009 - 13:17
Okay, your best bet is to use private VLANs. Yes, you will need transparent mode, but with only 5 VLANs I'm not sure that is really such an issue.


If you really want to stop every user talking to every other user within the same VLAN you may want to ask why this is the case, i.e. you may want to reconsider some of the design setup.


Jon
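
A sketch of the private VLAN setup recommended in the answer above, added here as an example; it is not from the original thread. The VLAN IDs (100 primary, 101 isolated), the interface names, the ACL name and the gateway address 172.16.10.1 are assumptions; only the 172.16.10.0/24 subnet comes from the posts.

```cisco
! --- Both switches: private VLANs require VTP transparent mode, so the
! --- VLANs are defined locally on each switch (not learned through VTP).
vtp mode transparent
!
vlan 101
 private-vlan isolated
vlan 100
 private-vlan primary
 private-vlan association 101
!
! --- 3750: user access port (isolated host port; assumed interface)
interface GigabitEthernet1/0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! --- 3750: uplink to the 4507 carries primary and secondary VLANs
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! --- 4507: ACL for the user SVI (assumed name USERS-IN)
! --- Allow traffic to the gateway itself, drop user-to-user traffic that
! --- would otherwise be routed back into the same subnet, allow the rest
! --- (server VLANs, DHCP broadcasts).
ip access-list extended USERS-IN
 permit ip any host 172.16.10.1
 deny   ip 172.16.10.0 0.0.0.255 172.16.10.0 0.0.0.255
 permit ip any any
!
! --- 4507: the primary VLAN SVI is the gateway for the isolated hosts
interface Vlan100
 ip address 172.16.10.1 255.255.255.0
 private-vlan mapping 101
 ip access-group USERS-IN in
```

The isolated VLAN blocks host-to-host traffic at layer 2, and the inbound ACL on the SVI covers the remaining path through the layer 3 interface. `show vlan private-vlan` and `show interfaces <port> switchport` confirm the association and port mode.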

kolawole1 Mon, 05/18/2009 - 23:56

Which design do you suggest in this case?


Can a switch in transparent mode learn and send VLAN information from a VTP server as a client would?
