06-26-2009 10:00 AM - edited 03-06-2019 06:29 AM
Hi,
I have this scenario and need help.
Network with 4 VLANs:
VLAN#1
name : User-VLAN
VLAN#2
name : Server-VLAN
VLAN#3
name : Guest-VLAN
VLAN#4
name : Internet-VLAN
How do I prevent the Guest VLAN from communicating with the other VLANs, except Internet-VLAN?
All VLANs are created on a 3560 switch.
Routing protocol : OSPF
06-26-2009 10:58 AM
Hello Amin,
The easiest way to do it is to use an ACL applied to the SVI that denies access to the other VLANs' IP subnets and allows all other destinations.
I mean an extended IP ACL applied:
! Assumes the guest subnet is 10.10.100.0/24 (wildcard 0.0.0.255)
access-list 101 deny ip 10.10.100.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.10.100.0 0.0.0.255 any
int vlan 3
 ip access-group 101 in
Other more advanced methods exist, but this is enough to create a guest VLAN.
Hope to help
Giuseppe
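An added example, not part of the reply above: a small first-match model of the two-entry guest ACL, showing which flows from the guest SVI it permits and which fall to the implicit deny. The /24 guest mask, the sample addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed ACL: the thread's two entries, assuming the guest subnet is
# 10.10.100.0/24 (wildcard 0.0.0.255); the /24 is an assumption.
GUEST_ACL = [
    "access-list 101 deny ip 10.10.100.0 0.0.0.255 10.0.0.0 0.255.255.255",
    "access-list 101 permit ip 10.10.100.0 0.0.0.255 any",
]

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' into (action, src, dst)."""
    tok = line.split()
    if (len(tok) < 6 or tok[0] != "access-list"
            or tok[2] not in ("permit", "deny") or tok[3] != "ip"):
        raise ValueError(f"unsupported entry: {line}")
    rest, specs = tok[4:], []
    while rest:
        if rest[0] == "any":
            specs.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        elif len(rest) >= 2:
            host = rest[0] == "host"
            specs.append((rest[1], "0.0.0.0") if host else (rest[0], rest[1]))
            rest = rest[2:]
        else:
            raise ValueError(f"address without wildcard mask: {line}")
    if len(specs) != 2:
        raise ValueError(f"expected source and destination: {line}")
    return tok[2], specs[0], specs[1]

def evaluate(acl, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl:
        action, (sbase, swild), (dbase, dwild) = parse_ace(line)
        if wildcard_match(src, sbase, swild) and wildcard_match(dst, dbase, dwild):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed packets: guest to an internal host, to an outside host,
    # a source of 0.0.0.0 (as in a DHCP DISCOVER), and guest to its own gateway.
    for src, dst in [("10.10.100.25", "10.10.20.5"), ("10.10.100.25", "198.51.100.10"),
                     ("0.0.0.0", "255.255.255.255"), ("10.10.100.25", "10.10.100.1")]:
        print(f"{src:>15} -> {dst:<16} {evaluate(GUEST_ACL, src, dst)}")
```

The last two sample flows are the ones to check before deploying: anything sourced from 0.0.0.0 and anything addressed to a 10.x service, including the guest gateway itself, is dropped unless an explicit permit is placed ahead of the deny.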
06-26-2009 11:38 AM
Hello,
Is it recommended to configure a DMZ VLAN on the core switch, or to have a dedicated switch and keep it away from the LAN?
What security config steps are required if the DMZ VLAN is configured on the core switch?