Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
383
Views
0
Helpful
2
Replies

3750 VLAN access

cheeang69
Level 1
Level 1

‎08-15-2007 01:59 PM - edited ‎03-05-2019 05:55 PM

Hi I recently bought a 3750 with 48port switch, and configured 7 Vlan for 5 small companies. 2 vlan are share among the 5 companies for internet access and printers. no communication are allowed between the company. So I turn on ip routing and try to use access list to block between the vlan. I find it hard in this way. Do you have any suggestion to achieve this

Labels:
0 Helpful
2 Replies 2

royalblues
Level 10
Level 10

‎08-15-2007 02:02 PM

Well access-list is the way to block intervlan communication.

If your switches & network topology support MVRF (VRF-lite) you can place these vlans in a seperate VRF which will give seperation

HTH

Narayan

0 Helpful

med_ddevlin
Level 1
Level 1

‎08-15-2007 06:50 PM

I'd setup Community PVLAN's per company and configure promiscuous ports for your uplinks and printers. That way they are all secured per company and cannot access the others.

If you need a hand in setting this up, please let me know and I can give some example configs for you.

Actually, here you go:

Company 1 - ports 1-5

Company 2 - ports 6-10

Company 3 - ports 11-15

Company 4 - ports 16-20

Company 5 - ports 21-25

Internet Router port 48

Printer 1 - port 47

Without testing this it should work. I just threw it together in a couple minutes so there may be a typo in there somewhere...

vlan 40

private-vlan primary

private-vlan association 401-405

vlan 401

name Company 1

private-vlan community

vlan 402

name Company 2

private-vlan community

vlan 403

name Company 3

private-vlan community

vlan 404

name Company 4

private-vlan community

vlan 405

name Company 5

private-vlan community

interface f0/48

description to Internet Router

switchport mode private-vlan promiscuous

switchport private-vlan mapping 40 401-405

speed 100

duplex full

no cdp enable

interface f0/47

description to Printer

switchport mode private-vlan promiscuous

switchport private-vlan mapping 40 401-405

speed 100

duplex full

no cdp enable

spanning-tree portfast

spanning-tree bpduguard enable

interface range f0/1 - 5

description to Company 1

switchport private-vlan host-association 40 401

switchport mode private-vlan host

no cdp enable

spanning-tree portfast

spanning-tree bpduguard enable

interface range f0/6 - 10

description to Company 2

switchport private-vlan host-association 40 402

switchport mode private-vlan host

no cdp enable

spanning-tree portfast

spanning-tree bpduguard enable

interface range f0/11-15

description to Company 3

switchport private-vlan host-association 40 403

switchport mode private-vlan host

no cdp enable

spanning-tree portfast

spanning-tree bpduguard enable

interface range f0/16 - 20

description to Company 1

switchport private-vlan host-association 40 404

switchport mode private-vlan host

no cdp enable

spanning-tree portfast

spanning-tree bpduguard enable

interface range f0/21 - 25

description to Company 1

switchport private-vlan host-association 40 405

switchport mode private-vlan host

speed 100

spanning-tree portfast

spanning-tree bpduguard enable

Please rate if this helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card