create a new separate vlan

Nov 10th, 2009

I recently got involved in the configuration of Cisco switches and I have to configure a new switch for a different vlan. All existing devices are on Vlan1. Here is my question:

I have a set of new PCs/Servers that need to be on a separate VLAN, e.g. vlan 20. These devices should not be accessed by any other device on Vlan1 but they can access one server on Vlan 1. This is what I have done:

1. Created new vlan 20 and interface vlan 20 on a layer3 switch. The routing on the layer 3 switch is set to route everything through the layer 3 switch (route

2. On the new switch, I assigned an ip address in the .20.XX range and moved all the ports to vlan 20.

3. Assigned the new PCs/servers static ip addresses in the same range with default gateway the layer 3 switch

It is all working but in this configuration the devices on Vlan1 can access the new devices on vlan20.

Your help is greatly appreciated.


acomiskey Tue, 11/10/2009 - 12:43

You could do something like this...

access-list 100 permit ip host
access-list 100 deny ip any
access-list 100 permit ip any any

int vlan 1
 ip access-group 100 in
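Added example, not part of acomiskey's reply or the original thread: a small Python model of how a first-match ACL of this shape treats packets arriving on interface vlan 1. The subnets, the server address and the ACL destinations are constructed assumptions, because the addresses in the posted lines are cut off.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the thread).
VLAN20_NET = ipaddress.ip_network("192.168.20.0/24")      # new isolated VLAN
ALLOWED_SERVER = ipaddress.ip_network("192.168.1.10/32")  # the one VLAN 1 server
ANY = ipaddress.ip_network("0.0.0.0/0")

# Extended ACL 100 as (action, source, destination), in configured order.
ACL_100 = [
    ("permit", ALLOWED_SERVER, VLAN20_NET),  # replies from the shared server
    ("deny", ANY, VLAN20_NET),               # every other VLAN 1 host is blocked
    ("permit", ANY, ANY),                    # traffic not aimed at VLAN 20
]

def evaluate(acl, src, dst):
    """Return the action of the first matching entry (implicit deny at the end)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def inbound_vlan1(src, dst):
    """ACL 100 is bound inbound on interface vlan 1: it sees packets sent by VLAN 1 hosts."""
    return evaluate(ACL_100, src, dst)

def vlan20_session_works(client, vlan1_host):
    """A VLAN 20 client talking to a VLAN 1 host: the request enters on
    interface vlan 20 (no ACL there), so only the reply is filtered."""
    return inbound_vlan1(vlan1_host, client) == "permit"

if __name__ == "__main__":
    flows = [
        ("192.168.1.50", "192.168.20.5"),  # ordinary VLAN 1 PC -> VLAN 20
        ("192.168.1.10", "192.168.20.5"),  # shared server -> VLAN 20
        ("192.168.1.50", "10.0.0.1"),      # VLAN 1 PC -> elsewhere
    ]
    for src, dst in flows:
        print(f"{src:>14} -> {dst:<14} {inbound_vlan1(src, dst)}")
    print("VLAN 20 client <-> shared server:",
          vlan20_session_works("192.168.20.5", "192.168.1.10"))
    print("VLAN 20 client <-> other VLAN 1 PC:",
          vlan20_session_works("192.168.20.5", "192.168.1.50"))
```

Because the ACL is stateless, the first entry also lets the permitted server open new connections into VLAN 20, not only answer them.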

