Some ports need to access 2 VLANs

Dec 9th, 2009

Hi all,

I have one scenario.

I need to create 3 VLANs like:

vlan1-- sales

vlan2 --- tech

vlan3-- manager

What I need is that sales and tech need to access their own VLAN, but manager needs to access all VLANs,

and the gateway is single.

Giuseppe Larosa Wed, 12/09/2009 - 22:52

Hello Cyril,

this can be done: the gateway provides inter-vlan routing.

To introduce connectivity limitations you need to deploy the appropriate ACLs.

vlan 1         ----->

vlan 2        ------>

vlan 3       ------>

access-list 101 permit ip

access-list 102 permit ip

int vlan 1

ip access-group 101 in

int vlan 2

ip access-group 102 in


If you want to provide internet access, you need modified ACLs like

access-list 111 deny ip

access-list 111 permit ip any

access-list 112 deny ip

access-list 112 permit ip any

to be applied in place of the previous ones

Hope to help


Giuseppe Larosa Thu, 12/10/2009 - 03:30

Hello Cyril,

Yes, actually I've provided example commands for a Cisco multilayer switch.

The vlan x is the L3 interface associated to Vlan x (L2 broadcast domain), and they are called SVIs (switched virtual interfaces).

Hope to help
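
The inbound-ACL-on-SVI approach from the replies above, modelled as an added example (not part of the original thread) so the resulting reachability can be checked before the lists are bound to interfaces. The subnets, host addresses and all Python names are constructed, and the `STRICT` set assumes the truncated `permit` lines allowed each user VLAN to reach only the manager VLAN.

```python
import ipaddress

# Constructed addressing: the thread's real subnets are not on the page.
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in
        [("sales", "10.0.1.0/24"), ("tech", "10.0.2.0/24"), ("manager", "10.0.3.0/24")]}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Inbound ACLs per SVI as ordered (action, source, destination) entries.
# STRICT models the permit-only pair (assumed content), INTERNET the
# deny-then-permit-any pair. The manager SVI has no ACL bound in either set.
STRICT = {
    "sales": [("permit", NETS["sales"], NETS["manager"])],
    "tech": [("permit", NETS["tech"], NETS["manager"])],
}
INTERNET = {
    "sales": [("deny", NETS["sales"], NETS["tech"]), ("permit", NETS["sales"], ANY)],
    "tech": [("deny", NETS["tech"], NETS["sales"]), ("permit", NETS["tech"], ANY)],
}

def vlan_of(ip):
    """Name of the VLAN whose subnet contains ip, or None for outside hosts."""
    return next((name for name, net in NETS.items() if ip in net), None)

def routed(acls, src, dst):
    """True if the gateway forwards one packet from src to dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    vlan = vlan_of(src)
    if vlan is not None and vlan == vlan_of(dst):
        return True  # same VLAN: switched at layer 2, the SVI ACL is never consulted
    # An interface with no ACL bound forwards everything.
    for action, s, d in acls.get(vlan, [("permit", ANY, ANY)]):
        if src in s and dst in d:
            return action == "permit"  # first matching entry decides
    return False  # implicit deny that closes every IOS access list

def session_works(acls, a, b):
    """These ACLs are stateless, so a conversation needs both directions forwarded."""
    return routed(acls, a, b) and routed(acls, b, a)
```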


