create a new separate vlan

Unanswered Question
Nov 10th, 2009

Hi


I recently got involved in the configuration of Cisco switches and I have to configure a new switch for a different vlan. All existing devices are on Vlan1. Here is my question:


I have a set of new PCs/Servers that need to be on a separate VLAN, e.g. vlan 20. These devices should not be accessed by any other device on Vlan1 but they can access one server on Vlan 1. This is what I have done:


1. Created new vlan 20 and interface vlan 20 on a layer3 switch. The routing on the layer 3 switch is set to route everything through the layer 3 switch (route 0.0.0.0 0.0.0.0 192.168.20.1).


2. On the new switch, I assigned an ip address in the .20.XX range and moved all the ports to vlan 20.


3. Assigned the new PCs/servers static IP addresses in the same range with default gateway the layer 3 switch 192.168.20.1.


It is all working but in this configuration the devices on Vlan1 can access the new devices on vlan20.


Your help is greatly appreciated.


Thanks

acomiskey Tue, 11/10/2009 - 12:43

You could do something like this...


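! <vlan1-server-ip> is a placeholder for the one Vlan 1 server that vlan 20 may reach
access-list 100 permit ip host <vlan1-server-ip> 192.168.20.0 0.0.0.255
! every other source is blocked from reaching 192.168.20.0/24
access-list 100 deny ip any 192.168.20.0 0.0.0.255
! all remaining traffic is left untouched
access-list 100 permit ip any any
!
int vlan 1
 ip access-group 100 in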
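The first-match behaviour of the ACL suggested above, as an added example that is not part of the original thread: a small evaluator that parses the three entries, applies the wildcard masks, and reports the verdict for a packet arriving inbound on interface vlan 1. The server address 192.168.1.10 and the sample packet addresses are constructed placeholders; the thread does not give the real ones.

```python
import ipaddress

# ACL 100 as suggested in the answer, applied inbound on "int vlan 1", so it
# only ever sees packets sent by VLAN 1 hosts.
# SERVER is a constructed placeholder for the one permitted VLAN 1 server.
SERVER = "192.168.1.10"
ACL_100 = f"""
access-list 100 permit ip host {SERVER} 192.168.20.0 0.0.0.255
access-list 100 deny ip any 192.168.20.0 0.0.0.255
access-list 100 permit ip any any
"""

def take_addr(tokens):
    """Consume one address spec ('any', 'host A', 'A WILDCARD') -> (base, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into an ordered rule list."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" \
                or tokens[2] not in ("permit", "deny") or tokens[3] != "ip":
            raise ValueError(f"unsupported ACL entry: {line!r}")
        rest = tokens[4:]
        rules.append((tokens[2], take_addr(rest), take_addr(rest)))
    return rules

def matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "ignore this bit"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(rules, src, dst):
    """Entries are checked top-down, the first match decides, implicit deny at the end."""
    for action, src_spec, dst_spec in rules:
        if matches(src, src_spec) and matches(dst, dst_spec):
            return action
    return "deny"

RULES = parse_acl(ACL_100)

if __name__ == "__main__":
    for src, dst in [("192.168.1.50", "192.168.20.5"), (SERVER, "192.168.20.5"),
                     ("192.168.1.50", "10.0.0.1")]:
        print(f"{src} -> {dst}: {evaluate(RULES, src, dst)}")
```

The permit entry for the server matches on addresses only, so it passes connections the server itself opens toward 192.168.20.0/24 as well as its replies to VLAN 20 clients.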

