Guest-Vlan Restriction

Unanswered Question
Jun 26th, 2009


I have this scenario and need help

Network with 4 VLANs


name : User-VLAN


name : Server-VLAN


name : Guest-VLAN


name : Internet-VLAN

How do I prevent the Guest-VLAN from communicating with the other VLANs, except Internet-VLAN?

All VLANs are created on a 3560 switch

Routing protocol : OSPF

Giuseppe Larosa Fri, 06/26/2009 - 10:58

Hello Amin,

The easiest way to do it is to use an ACL applied to the SVI that denies access to the other VLANs' IP subnets and allows all other destinations.

I mean an extended ip acl applied

access-list 101 deny ip
access-list 101 permit ip any
int vlan 3
ip access-group 101 in

Other more advanced methods exist but this is enough to create a guest vlan

Hope to help
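
An added example, not part of the original thread and not the poster's own configuration: the ACL approach from the reply above written out in full. The four subnets are assumptions, since the thread does not give any, and the DHCP line assumes guests obtain addresses through the SVI; ACL 101 and interface Vlan3 follow the reply.

```cisco
! Added example. Assumed subnets (not from the thread):
!   User-VLAN     10.1.1.0/24
!   Server-VLAN   10.1.2.0/24
!   Guest-VLAN    10.1.3.0/24  (SVI: interface Vlan3, as in the reply)
!   Internet-VLAN 10.1.4.0/24  (not denied, so it stays reachable)
!
! ACL wildcard masks are inverted netmasks: 0.0.0.255 matches a /24.
! Entries are evaluated top-down, the first match wins, and an
! implicit "deny ip any any" ends every ACL.
!
access-list 101 remark Guest-VLAN inbound filter
! DHCP requests are sourced from 0.0.0.0, so they would fall through
! to the implicit deny unless permitted before the source-specific lines.
access-list 101 permit udp any eq bootpc any eq bootps
! Block guest traffic to the internal VLANs.
access-list 101 deny   ip 10.1.3.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 deny   ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255
! Everything else from the guest subnet (Internet-VLAN and beyond) is allowed.
access-list 101 permit ip 10.1.3.0 0.0.0.255 any
!
interface Vlan3
 ! The access-group number must match the ACL number defined above.
 ip access-group 101 in
!
! Verify from privileged EXEC:
!   show access-lists 101
!   show ip interface Vlan3
```

Because the ACL is applied inbound on the guest SVI, it filters only traffic that guests originate; any service a guest needs inside Server-VLAN, such as DNS, requires its own permit line above the deny entries.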


Amin Shaikh Fri, 06/26/2009 - 11:38


Is it recommended to configure a DMZ VLAN on the core switch, or to have a dedicated switch and keep it away from the LAN?

What security configuration steps are required if the DMZ VLAN is configured on the core switch?

