Cisco Support Community
New Member

4503 switch vlans

I have created 8 VLANs on two 4503 switches which are on HSRP, but now I want to stop their inter-VLAN communication, as they are all able to ping each other. How can I stop them? They should still be able to communicate with the server zone VLAN, which is one of those 8 VLANs.

3 REPLIES

Re: 4503 switch vlans

Hi Jagdev,

You may use access-lists to deny traffic between the vlans, but allow traffic from all vlans to a specific vlan, where the servers are located.

For example:

Vlan x has the subnet x.x.x.x x.x.x.x

The server vlan y has the subnet y.y.y.y y.y.y.y

The access-list:

access-list 101 permit ip x.x.x.x x.x.x.x y.y.y.y y.y.y.y

(implicit "deny ip any any" at the end, so you don't have to add it to the access-list)

Apply this access-list to the vlan x interface of subnet x.x.x.x x.x.x.x:

interface vlan x
 ip access-group 101 in

By applying similar access-lists to all 7 vlan interfaces (except interface vlan y, the server vlan) you achieve the desired result.

Cheers:

Istvan

New Member

Re: 4503 switch vlans

Is there any other option available, or is this the only one? I am already using access list 101.

Re: 4503 switch vlans

Hi,

If access-list 101 is already in use, you can use 102 to 108 for the 7 different vlans and subnets.

I think this is the simplest method of solving your issue.

Cheers:

Istvan
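
The per-VLAN access-lists suggested in the replies, generated for all 7 user VLANs at once. This is an added example, not part of any post in the thread. The VLAN IDs and subnets are constructed, and the extra line permitting HSRP hellos through the inbound ACL is an assumption (HSRP version 1, UDP 1985 to 224.0.0.2) added because the switches run HSRP on these interfaces.

```python
import ipaddress

# Constructed sample addressing (not from the thread): 7 user VLANs plus the server VLAN.
SERVER_VLAN = 80
VLANS = {
    10: "10.1.10.0/24", 20: "10.1.20.0/24", 30: "10.1.30.0/24", 40: "10.1.40.0/24",
    50: "10.1.50.0/24", 60: "10.1.60.0/24", 70: "10.1.70.0/24", 80: "10.1.80.0/24",
}

def wildcard(net):
    """IOS extended ACLs take network + wildcard (inverted) mask, e.g. 0.0.0.255 for a /24."""
    return f"{net.network_address} {net.hostmask}"

def build_config(vlans, server_vlan, first_acl=102, hsrp=True):
    """Return IOS config lines: one inbound ACL per user VLAN, none on the server VLAN."""
    server = ipaddress.ip_network(vlans[server_vlan])
    lines, acl = [], first_acl
    for vlan_id in sorted(vlans):
        if vlan_id == server_vlan:
            continue  # the server VLAN interface gets no ACL, as in the reply
        if acl > 199:
            raise ValueError("numbered extended IP ACLs must be in 100-199")
        src = ipaddress.ip_network(vlans[vlan_id])
        if hsrp:
            # Assumption: HSRP version 1. Without this line the implicit deny would
            # also drop the peer switch's hellos arriving on this VLAN interface.
            lines.append(f"access-list {acl} permit udp {wildcard(src)} host 224.0.0.2 eq 1985")
        # The rule from the reply: this VLAN may only talk to the server VLAN.
        lines.append(f"access-list {acl} permit ip {wildcard(src)} {wildcard(server)}")
        lines += [f"interface vlan {vlan_id}", f" ip access-group {acl} in", "!"]
        acl += 1
    return lines

if __name__ == "__main__":
    print("\n".join(build_config(VLANS, SERVER_VLAN)))
```

Replies from the server VLAN still reach the user VLANs because each ACL is applied inbound only and the server VLAN interface has none.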
