New Member

Guest-Vlan Restriction

Hi,

I have this scenario and need help.

Network with 4 VLANs:

VLAN#1 name : User-VLAN

VLAN#2 name : Server-VLAN

VLAN#3 name : Guest-VLAN

VLAN#4 name : Internet-VLAN

How can I prevent the Guest VLAN from communicating with the other VLANs, except Internet-VLAN?

All VLANs are created on a 3560 switch.

Routing protocol : OSPF

2 REPLIES
Hall of Fame Super Silver

Re: Guest-Vlan Restriction

Hello Amin,

The easiest way to do it is to use an ACL applied to the SVI that denies access to the other VLANs' IP subnets and allows all other destinations.

I mean an extended IP ACL applied:

! Source wildcard 0.0.0.255 assumes the guest subnet is 10.10.100.0/24

access-list 101 deny ip 10.10.100.0 0.0.0.255 10.0.0.0 0.255.255.255

access-list 101 permit ip 10.10.100.0 0.0.0.255 any

int vlan 3

! Apply the same ACL number that was defined above, inbound on the guest SVI

ip access-group 101 in

Other, more advanced methods exist, but this is enough to create a guest VLAN.

Hope to help

Giuseppe

New Member

Re: Guest-Vlan Restriction

Hello,

Is it recommended to configure a DMZ VLAN on the core switch, or to have a dedicated switch and keep it away from the LAN?

What security config steps are required if the DMZ VLAN is configured on the core switch?
