isolate vlans on 3750 switch

Unanswered Question
Jun 3rd, 2010

Dears,


Can anybody help me with an access list to restrict VLANs on my core switch? I have a 3750 core switch with 7 VLANs created.



interface Vlan1
 description core & mangment
 ip address 10.1.2.1 255.255.255.0
!
interface Vlan2
 description edge switch
 ip address 10.1.3.1 255.255.255.0
!
interface Vlan3
 description wireless AP
 ip address 10.1.5.1 255.255.255.0
!
interface Vlan4
 description Printers & Door Access
 ip address 10.1.7.1 255.255.255.0
!
interface Vlan5
 description PBAX & IP Telephone
 ip address 10.1.9.1 255.255.255.0
!
interface Vlan6
 description Servers Vlan
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan7
 description Desktops Vlan
 ip address 10.1.20.1 255.255.255.0
!
interface Vlan8
 ip address 10.1.11.2 255.255.255.0 secondary
 ip address 10.1.1.2 255.255.255.0
!
interface Vlan31
 ip address 10.1.31.1 255.255.255.0
!
interface Vlan10
 no ip address


I have a DHCP configuration for VLAN 31.

I need to restrict VLAN 31 from all these VLANs. I configured an access list on the core switch like this, but then it will not get a DHCP IP address.



Configuration:

access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.10.0 0.0.0.255
access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.20.0 0.0.0.255
access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.9.0 0.0.0.255
access-list 101 permit ip 10.1.31.0 0.0.0.255 any

Apply this access-list 101 on vlan 31 interface

interface Vlan31
 ip access-group 101 in
end



Can anybody help with this issue? Waiting for a reply.

Regards to all

Giuseppe Larosa Thu, 06/03/2010 - 07:32

Hello,

You need an ACL line like the following:

access-list 101 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps

because booting hosts use 0.0.0.0 as the source address in the DHCP request and 255.255.255.255 as the destination.

You will also need an ip helper-address in the SVI config to have the router relay DHCP requests to a distant DHCP server.



Hope to help

Giuseppe
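
Why the posted ACL 101 stops DHCP and what the extra line changes, as an added example that is not part of the thread: a simplified Python model of first-match ACL evaluation with the implicit deny (not IOS itself). The ACL lines are the ones posted above; the client address 10.1.31.50, the destination hosts and the non-DHCP port numbers in the sample packets are constructed.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68}
ip = lambda s: int(ipaddress.IPv4Address(s))

def addr(t):
    """Consume one IOS address spec from token list t -> (base, wildcard)."""
    a = t.pop(0)
    if a == "any":
        return 0, 0xFFFFFFFF
    return (ip(t.pop(0)), 0) if a == "host" else (ip(a), ip(t.pop(0)))

def port(t):
    """Consume an optional 'eq <port>' qualifier -> port number or None."""
    if t[:1] != ["eq"]:
        return None
    del t[0]
    name = t.pop(0)
    return PORTS[name] if name in PORTS else int(name)

def parse(line):
    t = line.split()[2:]                      # drop "access-list 101"
    action, proto = t.pop(0), t.pop(0)
    src, sport = addr(t), port(t)
    dst, dport = addr(t), port(t)
    return action, proto, src, sport, dst, dport

def hit(a, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF                 # wildcard 1-bits mean "don't care"
    return (ip(a) & care) == (base & care)

def evaluate(acl, proto, src, sport, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        action, p, s, sp, d, dp = parse(line)
        if (p in ("ip", proto) and hit(src, s) and hit(dst, d)
                and sp in (None, sport) and dp in (None, dport)):
            return action
    return "deny"

ORIGINAL = ["access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.10.0 0.0.0.255",
            "access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.20.0 0.0.0.255",
            "access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.9.0 0.0.0.255",
            "access-list 101 permit ip 10.1.31.0 0.0.0.255 any"]
FIXED = ORIGINAL + ["access-list 101 permit udp host 0.0.0.0 eq bootpc "
                    "host 255.255.255.255 eq bootps"]
DISCOVER = ("udp", "0.0.0.0", 68, "255.255.255.255", 67)   # client has no address yet

if __name__ == "__main__":
    print(evaluate(ORIGINAL, *DISCOVER), evaluate(FIXED, *DISCOVER))
```

The DISCOVER packet matches none of the four original entries because its source is 0.0.0.0, not 10.1.31.x, so it is dropped by the implicit deny; the added entry matches it without opening anything else.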

mrsystemengineer Thu, 06/03/2010 - 07:46

Hi Guislar,


I mean all the configuration is perfect, and I just need to add the one more access list line which you defined, and in the DHCP pool I have to define an ip helper address, that's it.

I have one more doubt: in VLAN 6 I have DNS servers, and I need to give VLAN 31 access to only two DNS servers (10.1.6.232, 10.1.6.233). How can I use an access list to permit VLAN 31 to access these two IP addresses only, with everything else denied?

I will try this configuration and update you soon.

Thanks a lot, Guislar.

Regards
