
3520 switch vlans and inter vlan routing

Dear All,

I have a Cisco 3520 switch. I am creating VLANs 2-10; the first VLAN is available by default.

My servers are in VLAN 1, and I want my users in the other VLANs to communicate only with the servers, i.e. VLAN 1.

Switch ports are assigned to VLANs.

vlan 1 ip address 192.168.1.1

vlan 2 ip address 192.168.2.1

vlan 3 ip address 192.168.3.1

and so on

Please advise me of a proper solution.

Regards,

Junaid

3 REPLIES

Re: 3520 switch vlans and inter vlan routing

First, get your servers out of VLAN 1. It is not a good practice to use VLAN 1 for user data. VLAN 1 carries control plane traffic between switches and it should be left that way.

Second, you can create an ACL that permits traffic only from the server vlan and denies all other user traffic originated in other vlans, and then apply it to all the user vlan interfaces.

switch(config)#access-list 10 permit 192.168.1.0 0.0.0.255

switch(config)#interface range vlan 2 - 10

switch(config-if-range)#ip access-group 10 out

There is an implicit "deny" at the end of the ACL.

An access-list applied outbound to a vlan interface is for traffic going TO machines on that vlan.

An access-list applied inbound to a vlan is for traffic coming FROM machines on that vlan.

HTH

Victor
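
The following is an added example, not code from any poster in this thread: a small Python model of a standard ACL applied outbound on the user VLAN interfaces, showing how routed traffic is filtered by source and how an entry with no wildcard mask matches only the single address 192.168.1.0. The sample flows are constructed, the model covers only packets routed between VLANs, and it assumes the server VLAN interface has no ACL.

```python
import ipaddress

# Addressing from the thread: servers in 192.168.1.0/24,
# user VLANs 2-10 in 192.168.2.0/24 through 192.168.10.0/24.
USER_VLANS = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in range(2, 11)]

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' into (action, src, wildcard)."""
    entries = []
    for line in lines:
        parts = line.split()
        src = int(ipaddress.IPv4Address(parts[3]))
        # With no wildcard, a standard ACL entry matches one host (wildcard 0.0.0.0).
        wildcard = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        entries.append((parts[2], src, wildcard))
    return entries

def acl_permits(entries, source_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, net, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (src & care) == (net & care):
            return action == "permit"
    return False

def forwarded(entries, src_ip, dst_ip):
    """Model 'ip access-group N out' on every user SVI for a routed packet.

    Only packets leaving toward a user VLAN are checked, and only by source.
    Assumption of this sketch: the server VLAN interface has no ACL.
    """
    dst = ipaddress.IPv4Address(dst_ip)
    if any(dst in vlan for vlan in USER_VLANS):
        return acl_permits(entries, src_ip)
    return True

# Constructed sample flows (source, destination).
FLOWS = [("192.168.1.17", "192.168.2.50"),   # server -> user
         ("192.168.3.50", "192.168.2.50"),   # user -> user in another VLAN
         ("192.168.2.50", "192.168.1.17")]   # user -> server

def evaluate(acl_line):
    entries = parse_standard_acl([acl_line])
    return [forwarded(entries, s, d) for s, d in FLOWS]

if __name__ == "__main__":
    for acl in ("access-list 10 permit 192.168.1.0 0.0.0.255",
                "access-list 10 permit 192.168.1.0"):
        print(acl, "->", evaluate(acl))
```

With the entry that has no wildcard mask, the user's request still reaches the server in this model, but the server's reply is dropped on the way out of the user VLAN interface.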


Re: 3520 switch vlans and inter vlan routing

Dear Victor,

I applied your commands on my switch, but I am facing a problem.

I moved my servers from VLAN 1 to VLAN 11 but the IP is the same, 192.168.1.1

Desktop PCs in other vlans (2-10) are unable to communicate with servers in vlan 11

Desktops can ping 192.168.1.1

but unable to ping 192.168.1.17

I added a default route

ip route 0.0.0.0 0.0.0.0 192.168.1.0

and an IP default route command

ip default-gateway 192.168.1.0

but it's still unable to communicate with the servers.

WAITING FOR YOUR PROMPT REPLY

THANKS

Junaid


Re: 3520 switch vlans and inter vlan routing

Based on my interpretation of your scenario, you would want to use ACLs on the switch to allow communication from each IP address range to the VLAN 1 address range, allow the VLAN 1 address range to talk to any IP, and block all other communications from the VLAN 2-10 IP address ranges.
