Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
476
Views
0
Helpful
6
Replies

access restriction

Go to solution
kolawole1
Level 1
Level 1

‎05-18-2009 11:27 AM - edited ‎03-06-2019 05:47 AM

Hello,

I have a cisco 4507 CORE switch on which i want to implement routing and vlans through vtp.I Have the 3750 distribution switch (connected to the core) on which there are several vlans.

How can i prevent the vlans from talking to each other ?

I know of port protection but since there is a layer 3 device it will not work.

As of private vlans they only work in vtp transparent mode.

Since i am using dhcp i can not use vlan access map.

I can not use the switchport allowed vlan since they are on the same switch.

Any idea will be great

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to kolawole1

‎05-18-2009 01:17 PM

Okay, your best bet is to use private vlans. Yes you will need transparent mode but with only 5 vlans i'm not sure that is really such an issue.

If you really want to stop every user talking to every other user within the same vlan you may want to ask why this is the case ie. you may want to reconsider some of the design setup.

Jon

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎05-18-2009 11:34 AM

Not entirely sure i understand what you are asking.

If you want to restrict traffic between vlans then use normal L3 access-lists and apply them to the L3 vlan interfaces.

If this is not what you need could you clarify ?

Jon

0 Helpful

Go to solution
kolawole1
Level 1
Level 1
In response to Jon Marshall

‎05-18-2009 11:42 AM

Hi,

Users are in the same network 172.16.10.0 /24.

Thanks

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to kolawole1

‎05-18-2009 11:48 AM

From your original post -

"How can i prevent the vlans from talking to each other ?"

From this post -

"Users are in the same network 172.16.10.0 /24"

So could you clarify exactly what you want. You mention vlans on the 4500 and on the 3750, how are they related ??. Is the 3750 switch doing inter-vlan routing as well as the core ?

People here are more than happy to help you but we need the relevant information.

Jon

0 Helpful

Go to solution
kolawole1
Level 1
Level 1
In response to Jon Marshall

‎05-18-2009 12:14 PM

Hi,

5 vlans will be implemented on the 4500 switch and ip routing will be enabled on it.No user is connected to the 4500 but only servers.Inter-vlan routing will not be implemented on the 3750 switch.The 3750 will learn vlans through vtp.Users on the same vlan share the same ip address space, but i do not want them to communicate with each other but they should be able to access the server vlan on the switch.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to kolawole1

‎05-18-2009 01:17 PM

Okay, your best bet is to use private vlans. Yes you will need transparent mode but with only 5 vlans i'm not sure that is really such an issue.

If you really want to stop every user talking to every other user within the same vlan you may want to ask why this is the case ie. you may want to reconsider some of the design setup.

Jon

0 Helpful

Go to solution
kolawole1
Level 1
Level 1
In response to Jon Marshall

‎05-18-2009 11:56 PM

Which design do you suggest in this case?

A switch in transparent mode can it learn and send vlan information from vtp server as a client would do ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card