How to configure monitoring access to a device on a private vlan?

Dec 21st, 2009


I have a large network which consists of a private and public IP block. I'm attempting to do something a little different. At a given location I have set up two wireless point-to-point links. These wireless links act as a bridge passing "any" traffic. The IP addresses of the devices are/would be visible on my management private IP block (  The purpose of the wireless link is to provide a 20meg circuit between two endpoints for a customer. So I have four wireless radios set up which span the 5 mile links. My problem is this: how can I keep traffic from this customer (presumably using a 10/172/192 class a/b/c private IP block) on a separate broadcast domain and yet monitor/graph the radios? Is it possible using only VLANs and access lists or am I going to need a router? In other words, I want to monitor the radios' health and traffic bandwidth from my side and yet keep their network traffic within the circuit (or VLAN) isolated. Sadly, this would all be very easy if the radios had a separate management port rather than inband management. Any suggestions would be very much appreciated.

Thank you.


What I have so far. Of course, with the two ports 10 and 11 on a separate VLAN (500), the IPs are no longer visible to my network, as expected.

my network (native vlan1 and vlan2) on a Catalyst 2900XL

my network -----                ---- Port10/vl500 --- <->
                            |--- Switch ---|
my network xx.xx.0.0/18 ----                ---- Port11/vl500 --- <->

interface FastEthernet0/10
 description relay2pudo
 switchport access vlan 500
 speed 100
 duplex full
!
interface FastEthernet0/11
 description relay2puhs
 switchport access vlan 500
 speed 100
 duplex full

Giuseppe Larosa Mon, 01/04/2010 - 12:15

Hello Tony,

Sorry for the late answer.

>> Is it possible using only vlan's and access lists or am I going to need a router?

If you had a true multilayer switch you wouldn't need a router; if all you have is a C2900XL, you need a router, and you can use VLAN subinterfaces on it.

The ACLs can be used to limit IP connectivity.

Hope to help
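
An added example, not part of the original thread, of the router-with-VLAN-subinterfaces approach suggested in the answer above: the router routes between the management VLAN and VLAN 500, and ACLs allow only SNMP polling and ping between one monitoring host and the radios. The trunk port (FastEthernet0/12), the router interface (FastEthernet0/0), the ACL names, and all addresses (documentation ranges 192.0.2.0/29 for the radios, 198.51.100.0/24 for management, 198.51.100.10 for the monitoring host) are assumptions; the radios are assumed to use 192.0.2.1 as their default gateway.

```cisco
! --- Catalyst 2900XL: trunk to the router (port number is hypothetical) ---
interface FastEthernet0/12
 description trunk-to-router
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! --- Router: one subinterface per VLAN on the trunk ---
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.1
 description management network (constructed address)
 encapsulation dot1Q 1 native
 ip address 198.51.100.1 255.255.255.0
!
interface FastEthernet0/0.500
 description radio in-band management, VLAN 500 (constructed address)
 encapsulation dot1Q 500
 ip address 192.0.2.1 255.255.255.248
 ! Filter both directions: toward the radios and back from VLAN 500
 ip access-group TO-RADIOS out
 ip access-group FROM-VL500 in
!
! Only the monitoring host may reach the radios, and only with SNMP and ping
ip access-list extended TO-RADIOS
 permit udp host 198.51.100.10 192.0.2.0 0.0.0.7 eq snmp
 permit icmp host 198.51.100.10 192.0.2.0 0.0.0.7 echo
 deny   ip any any log
!
! Only SNMP replies and ping replies from the radio subnet may leave VLAN 500;
! anything else sourced in VLAN 500, including customer hosts, is dropped and logged
ip access-list extended FROM-VL500
 permit udp 192.0.2.0 0.0.0.7 eq snmp host 198.51.100.10
 permit icmp 192.0.2.0 0.0.0.7 host 198.51.100.10 echo-reply
 deny   ip any any log
```

Because the radios are managed in-band, their management addresses remain in the same broadcast domain as the customer's bridged traffic; the ACLs restrict what is routed between VLAN 500 and the management network, not what customer hosts can reach inside VLAN 500.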


