Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL question

we have 2 3750 switches that do not have VTP running on them. one has 4 VLANs configured on it. the vlans talk to eachother via ACLs in the switch. now I need to install another 3750 switch with basically the same senario. I have tried getting vlans 1 and 301 to talk to each other via ACLs on the switch. but the problem I keep running into is I can either shutdown ALL of the traffic or open the flood gates.

I have ip routing enabled. and trunking is enabled and vlan 301 is being trunked.

Do I need VTP running? FYI...the other switch that's supporting VLANs doesn't have it running.

the IP in 301 that needs to be seen from any IP vlan 1 is 10.35.44.22

any thoughts?

4 REPLIES
Silver

Re: ACL question

In one hand you are telling NOT VTP Running and One another hand you are telling

" I have ip routing enabled. and trunking is enabled and vlan 301 is being trunked "

mean something missing?

See, what should we do.

______________________________________________

2 Switches, configure one switch with 4 VLAN.

another switch configure with 1 and 301 Vlan ID.

Now, when you configure trunk between both of them... only alow VLAN 1 and 301. Only that two VLAN traffic will come on second switch. No need to do anything.

command: switchport mode trunk allow vlan 1,301

______________________________________________

Second Solution:

1) Configure one VTP domain.

2) Configure one switch as a VTP server and another as a VTP Client.

3) Now put access-list between both of them.

If any queries or not able to understand. Please let me know.

Regards,

Dharmesh Purohit

New Member

Re: ACL question

I screwed up....

Let me clairify myself. the new switch will contain 3 vlans, well 4 including vlan 1.

all will need to talk to eachother but not to the rest of the network. EXCEPT maybe one or two.

I mentioned enabling VTP only for the fact that I'm not sure of the results of enabling VTP on the new switch and NOT on the older switch.

I know I'm missing an easy step but for the life of me, I cannot see it.

thanks, gary

Re: ACL question

Hello Gary,

Where is the Layer 3 routing done ? on the Core ? If so, you need to configure VACL (VLAN ACL) to restrict traffic through VLANs... Its just like a normal layer 3 access-list.. permit all the networks which needs access and deny the rest... you need to apply this onto your VLAN interface...

VTP is basically required to propogate VLAN information between the core and the edge switches.. it has nothing to do with data transport or routing... If you do not have VTP running, you need to manually add all the VLANs on your new 3750 switch and trunk the traffic to the core.. this will make things work for you...

Hope this helps.. all the best..

Raj

New Member

Re: ACL question

we are putting the ACLs on the switch.

I did apply the ACL to the vlan 301 interface.

about VTP...Well, I didn't think it was a factor but then again I wasn't counting anything out.

Manually adding vlans to the switch won't be a big deal.

thanks for your help.

121
Views
0
Helpful
4
Replies
CreatePlease to create content