
3750 VLAN access

Hi, I recently bought a 3750 switch with 48 ports and configured 7 VLANs for 5 small companies. 2 VLANs are shared among the 5 companies for internet access and printers. No communication is allowed between the companies. So I turned on IP routing and tried to use access lists to block traffic between the VLANs. I find it hard to do it this way. Do you have any suggestions to achieve this?

2 REPLIES

Re: 3750 VLAN access

Well, an access list is the way to block inter-VLAN communication.

If your switches and network topology support MVRF (VRF-lite), you can place these VLANs in separate VRFs, which will give separation.

HTH

Narayan


Re: 3750 VLAN access

I'd set up community PVLANs per company and configure promiscuous ports for your uplinks and printers. That way they are all secured per company and cannot access the others.

If you need a hand in setting this up, please let me know and I can give some example configs for you.

Actually, here you go:

Company 1 - ports 1-5
Company 2 - ports 6-10
Company 3 - ports 11-15
Company 4 - ports 16-20
Company 5 - ports 21-25
Internet Router - port 48
Printer 1 - port 47

Without testing this it should work. I just threw it together in a couple minutes so there may be a typo in there somewhere...

! Private VLANs require VTP transparent mode under VTP version 1 or 2
vtp mode transparent
!
! Primary VLAN and its five community (secondary) VLANs
vlan 40
 private-vlan primary
 private-vlan association 401-405
vlan 401
 name Company 1
 private-vlan community
vlan 402
 name Company 2
 private-vlan community
vlan 403
 name Company 3
 private-vlan community
vlan 404
 name Company 4
 private-vlan community
vlan 405
 name Company 5
 private-vlan community
!
! Promiscuous ports: reachable from every community VLAN
interface f0/48
 description to Internet Router
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 40 401-405
 speed 100
 duplex full
 no cdp enable
interface f0/47
 description to Printer
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 40 401-405
 speed 100
 duplex full
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Host ports: one community VLAN per company
interface range f0/1 - 5
 description to Company 1
 switchport private-vlan host-association 40 401
 switchport mode private-vlan host
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
interface range f0/6 - 10
 description to Company 2
 switchport private-vlan host-association 40 402
 switchport mode private-vlan host
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
interface range f0/11 - 15
 description to Company 3
 switchport private-vlan host-association 40 403
 switchport mode private-vlan host
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
interface range f0/16 - 20
 description to Company 4
 switchport private-vlan host-association 40 404
 switchport mode private-vlan host
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
interface range f0/21 - 25
 description to Company 5
 switchport private-vlan host-association 40 405
 switchport mode private-vlan host
 speed 100
 spanning-tree portfast
 spanning-tree bpduguard enable

Please rate if this helps.
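
A consistency check for a private-VLAN layout like the one in the reply above, as an added example that is not part of the original thread: it parses configuration text and reports host ports that are not in PVLAN host mode, host ports whose community VLAN is missing from the primary's association, and promiscuous ports whose mapping leaves out an associated VLAN. The sample config, the function names and the three seeded mistakes are constructed for illustration.

```python
import re

# Constructed sample in the shape of the reply's config, with three seeded mistakes.
SAMPLE = """\
vlan 40
 private-vlan primary
 private-vlan association 401-402
interface FastEthernet0/48
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 40 401
interface FastEthernet0/1
 switchport private-vlan host-association 40 401
 switchport mode private-vlan host
interface FastEthernet0/6
 switchport private-vlan host-association 40 403
"""

def expand(spec):
    """Expand a VLAN list such as '401-403,405' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return findings for PVLAN settings that break the intended isolation."""
    stanzas, name = {}, None
    for line in config.splitlines():
        if line and not line[0].isspace():      # unindented line opens a stanza
            name = line.strip()
            stanzas[name] = []
        elif name and line.strip():
            stanzas[name].append(line.strip())
    assoc = set()                               # secondaries bound to the primary
    for m in re.finditer(r"(?m)^\s*private-vlan association ([\d,-]+)", config):
        assoc |= expand(m.group(1))
    findings = []
    for name, body in stanzas.items():
        text = "\n".join(body)
        host = re.search(r"private-vlan host-association \d+ (\d+)", text)
        prom = re.search(r"private-vlan mapping \d+ ([\d,-]+)", text)
        if host and "switchport mode private-vlan host" not in body:
            findings.append(f"{name}: host-association set but port is not in PVLAN host mode")
        if host and int(host.group(1)) not in assoc:
            findings.append(f"{name}: VLAN {host.group(1)} is not associated with the primary")
        if prom and assoc - expand(prom.group(1)):
            findings.append(f"{name}: mapping omits {sorted(assoc - expand(prom.group(1)))}")
    return findings
```

audit(SAMPLE) returns one finding for the promiscuous port and two for FastEthernet0/6; a layout with every host port in host mode and every promiscuous mapping covering the full association returns an empty list.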
