VLAN restriction

Unanswered Question
Jul 15th, 2010

Hi, is there any way to restrict user access from one VLAN to another without ACLs on VLAN interfaces, without VACLs and without PVLANs? All these methods are good but huge. I need something simple, like on trunk ports:

switchport trunk allowed vlan ...

but it should be at the VLAN level... something like this...

for instance

vlan 2

ip access-group 100

ip access-list 7000

10 deny ip vlan2 vlan3


something like that


Amit Singh Thu, 07/15/2010 - 05:41

PVLANs and VACLs are designed for the specific requirement that you are looking for. Without these features it might be hard to achieve what you want. You can use the "protected port" feature if it is specific to some applications that you want to be restricted.


On a lighter note, the easiest would be not to configure the SVIs for the VLANs and let the firewall route the traffic between the VLANs and have the firewall restrict that.
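The layout suggested in the reply above, sketched as an added example that is not part of the original thread: VLANs 2 and 3 (the IDs from the question) stay layer 2 only on the switch, and a single trunk carries them to the firewall, which becomes the default gateway and the only place where traffic between the VLANs is permitted or denied. The interface numbers and VLAN names are assumptions, and the firewall side is not shown.

```cisco
! Added example. Port numbers and VLAN names are assumed, not from the thread.
!
! 1. The VLANs exist at layer 2 only.
vlan 2
 name USERS-A
vlan 3
 name USERS-B
!
! 2. Remove any SVIs for these VLANs so the switch holds no routed
!    interface in either subnet and cannot forward between them itself.
no interface Vlan2
no interface Vlan3
!
! 3. One trunk to the firewall, pruned to just the VLANs it must route.
!    "switchport trunk encapsulation dot1q" is only needed (and only
!    accepted) on platforms that also support ISL.
interface GigabitEthernet0/24
 description Trunk to firewall (assumed port)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 2,3
!
! 4. User ports remain plain access ports in their VLAN.
interface GigabitEthernet0/1
 description User port in VLAN 2 (assumed port)
 switchport mode access
 switchport access vlan 2
!
interface GigabitEthernet0/2
 description User port in VLAN 3 (assumed port)
 switchport mode access
 switchport access vlan 3
!
! Checks after the change:
!   show ip interface brief | include Vlan   -> no Vlan2 / Vlan3 entries
!   show interfaces trunk                    -> only 2,3 allowed on Gi0/24
!   show vlan brief                          -> user ports in the expected VLAN
```

Hosts in each VLAN then point their default gateway at the firewall's address in that VLAN, so the inter-VLAN policy lives in one rule base instead of per-VLAN ACLs on the switch.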


