Hi, I have two VLANs created on my core switch. These VLANs are advertised via EIGRP running on the core switch and subsequently advertised into BGP on the routers connected to the core switch.
The two VLANs are Vlan 12 and Vlan 13. Vlan 12 is a static VLAN that provides IP addresses to all the servers, and Vlan 13 is a static VLAN that provides IP addresses to the devices communicating with the server VLAN.
My requirement is that Vlan 13 should be totally isolated from all other VLANs and traffic except Vlan 12.
i.e. Vlan 13 should be reachable via Vlan 12, and Vlan 13 should not be reachable from any other traffic or any other VLAN. Vlan 13 should be totally isolated for both inbound and outbound traffic.
I have an access list on Vlan 13, which is a standard access list permitting only Vlan 12 traffic in the outbound direction:
int Vlan 13
 ip address 10.10.10.1 255.255.255.224
 ip access-group 13 out
int Vlan 12
 ip address 188.8.131.52 255.255.255.224
access-list 13 permit 184.108.40.206 0.0.0.31
But the problem is that I can ping Vlan 13 from other VLANs as source from the core switch, i.e.
ping ip 10.10.10.3 source Vlan 4 gives me 100% success, and I can ping Vlan 4 using Vlan 13 as source.
If I try to ping it from outside the network, I can ping the Vlan 13 interface but not the IP addresses in that range.
Is the goal achieved in this case? Since the access list is applied in the outbound direction, I was wondering about inbound traffic, which in a way will be covered since outbound traffic won't be allowed to other VLANs for any inbound request, i.e. echo will be allowed but not echo-reply to other VLANs. Just wondering if I am making sense or talking rubbish here. Do I need to make any changes to accomplish the goal of totally isolating Vlan 13?
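As an added example (not the original poster's configuration), one way to filter both directions on the Vlan 13 SVI: the posted standard ACL is only consulted for packets the switch forwards out into Vlan 13, so a second ACL applied inbound on the same SVI is needed to cover traffic that hosts in Vlan 13 originate. It assumes Vlan 12's network is 188.8.131.32/27 (derived from the posted SVI address) and Vlan 13's is 10.10.10.0/27; the ACL names are made up.

```cisco
! Added example, not the original poster's configuration.
! Assumed networks: Vlan 12 = 188.8.131.32/27 (from the posted SVI address),
! Vlan 13 = 10.10.10.0/27. ACL names VLAN13_IN / VLAN13_OUT are hypothetical.
!
! Inbound on the Vlan 13 SVI: packets that Vlan 13 hosts send towards the switch.
! Only packets destined to the Vlan 12 network are routed; everything else,
! including traffic to the SVI address itself, is dropped by the implicit deny.
ip access-list extended VLAN13_IN
 permit ip 10.10.10.0 0.0.0.31 188.8.131.32 0.0.0.31
 deny   ip any any
!
! Outbound on the Vlan 13 SVI: packets the switch forwards into Vlan 13.
! Only packets sourced from the Vlan 12 network may reach Vlan 13 hosts.
ip access-list extended VLAN13_OUT
 permit ip 188.8.131.32 0.0.0.31 10.10.10.0 0.0.0.31
 deny   ip any any
!
interface Vlan13
 ip address 10.10.10.1 255.255.255.224
 ip access-group VLAN13_IN in
 ip access-group VLAN13_OUT out
```

Verify from a host in another VLAN rather than with ping sourced from the core switch: packets the switch itself originates are not evaluated by outbound interface ACLs, so a switch-sourced ping succeeds regardless of the ACL.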