Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
801
Views
5
Helpful
8
Replies

Block vlan 20 to communicate with vlan 30

Go to solution
mangesh.kamble
Level 1
Level 1

‎10-16-2008 05:07 AM - edited ‎03-06-2019 01:57 AM

Hi all,

Well in my network Intervlan is working perfectly. We have about 80 switches in a network, includes all Access as well as Distribution. Now I have a case in hand where we have to stop all Vlan 20 users from accessing all vlan 30 users. And they in curent scenario able to access internet which should nopt get hampered. Well these both vlans are present on almost 30 odd switches and they all are getting connected through Core switches. How can I acheieve it, can we discuss all the possible solutions for the same irrespective of network. In general if I want to achieve this how can i do it ?

Please help me on this.

Thanking you.

Regards,

Mangesh.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to mangesh.kamble

‎10-16-2008 05:42 AM

Private vlans and VACL's are generally used for traffic between members of the same vlan not between members of different vlans.

You could use a firewall instead but it's the same principle.

Jon

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-16-2008 05:32 AM

Mangesh

Doesn't matter how many switches you have because it is the L3 interfaces for these vlans where you apply the access-list list.

So lets say

vlan 20 = 192.168.5.0/24

vlan 30 = 192.168.6.0/24

access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 101 permit ip any any

int vlan 20

ip access-group 101 in

The above will stop any traffic from vlan 20 to vlan 30 but allow all other traffic from vlan 20 to any other destination.

Jon

Go to solution
mangesh.kamble
Level 1
Level 1
In response to Jon Marshall

‎10-16-2008 05:39 AM

Hi Jon,

Thanks for your reply, well that is absolutely correct. Well besides ACL can we do it in any other way just for extra knowledge I am asking. If don't mind can you please suggest other possible solutions besides this.

Like many things were coming in my mind like Privte vlans then the protected optio then Vacl if possible...

Thanking you.

Regards,

Mangesh.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to mangesh.kamble

‎10-16-2008 05:42 AM

Private vlans and VACL's are generally used for traffic between members of the same vlan not between members of different vlans.

You could use a firewall instead but it's the same principle.

Jon

0 Helpful

Go to solution
mangesh.kamble
Level 1
Level 1
In response to Jon Marshall

‎10-16-2008 06:18 AM

Hi Jon,

Thanks for your reply.

Thanks for all the help.

Thanks John to you too.

Regards,

Mangesh.

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎10-16-2008 05:33 AM

Use ACLs on vlan20 to block access to vlan30's subnet. That's the easiest way.

--John

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
bjw
Level 4
Level 4
In response to John Blakley

‎10-16-2008 06:21 AM

You may also want to consider blocking ICMP in your ACL in addition to the IP block you've defined.

Bill

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to bjw

‎10-16-2008 06:23 AM

Bill

Not sure what you mean here. If you block IP you automatically block all ICMP as well.

Jon

0 Helpful

Go to solution
mangesh.kamble
Level 1
Level 1
In response to bjw

‎10-16-2008 06:29 AM

hi Bill,

yeah I will do that for sure. Thanks for your input.

Regards,

Mangesh.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card