
Guest-Vlan Restriction

Amin Shaikh
Level 1

Hi,

I have this scenario and need help.

Network with 4 VLANs

VLAN#1

name : User-VLAN

VLAN#2

name : Server-VLAN

VLAN#3

name : Guest-VLAN

VLAN#4

name : Internet-VLAN

How can I prevent the Guest VLAN from communicating with other VLANs except Internet-VLAN?

All VLANs are created on a 3560 switch

Routing protocol : OSPF

2 Replies

Giuseppe Larosa
Hall of Fame

Hello Amin,

The easiest way to do it is using an ACL applied to the SVI that denies access to the other VLANs' IP subnets and allows all other destinations.

I mean an extended IP ACL applied:

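! source wildcard 0.0.0.255 assumes the guest subnet is 10.10.100.0/24
access-list 101 deny ip 10.10.100.0 0.0.0.255 10.0.0.0 0.255.255.255

access-list 101 permit ip 10.10.100.0 0.0.0.255 any

int vlan 3

! apply the extended ACL defined above (101)
ip access-group 101 in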

Other more advanced methods exist, but this is enough to create a guest VLAN.

Hope to help

Giuseppe
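An added example, not part of the original reply: a small first-match evaluator for the ACL in the answer above, useful for checking which guest flows it permits before applying it to the SVI. The /24 source wildcard and all probe addresses (a server at 10.10.20.5, an Internet host at 203.0.113.10, a guest gateway at 10.10.100.1) are constructed assumptions.

```python
import ipaddress

# ACL 101 from the answer; the 0.0.0.255 source wildcard is an assumption (/24 guest subnet).
ACL_101 = """
access-list 101 deny ip 10.10.100.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.10.100.0 0.0.0.255 any
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _spec(tok):
    """Consume one address spec ('any', 'host A' or 'A WILDCARD'); return (spec, rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        src, rest = _spec(tok[4:])
        dst, _ = _spec(rest)
        rules.append((tok[2], src, dst))
    return rules

def _match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 mean "don't care"
    return (_ip(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching rule wins; no match falls through to the implicit deny."""
    for action, s, d in rules:
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"

# Constructed probes: guest->server, guest->Internet, guest->own gateway, unaddressed broadcast.
PROBES = [("10.10.100.50", "10.10.20.5"), ("10.10.100.50", "203.0.113.10"),
          ("10.10.100.50", "10.10.100.1"), ("0.0.0.0", "255.255.255.255")]

def run_probes():
    rules = parse_acl(ACL_101)
    return [evaluate(rules, s, d) for s, d in PROBES]
```

The third probe is denied because the guest gateway address itself lies inside 10.0.0.0/8, so anything guests need from an address in that range would require a permit line placed above the deny. The fourth falls to the implicit deny because a source of 0.0.0.0 matches neither line.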

Hello,

Is it recommended to configure a DMZ VLAN on the core switch, or to have a dedicated switch and keep it away from the LAN?

What security config steps are required if the DMZ VLAN is configured on the core switch?
