Well, in my network inter-VLAN is working perfectly. We have about 80 switches in the network, including all access as well as distribution. Now I have a case in hand where we have to stop all VLAN 20 users from accessing all VLAN 30 users. In the current scenario they are able to access the internet, which should not get hampered. Both of these VLANs are present on almost 30-odd switches, and they are all connected through core switches. How can I achieve it? Can we discuss all the possible solutions for the same, irrespective of network? In general, if I want to achieve this, how can I do it?
Please help me on this.
Doesn't matter how many switches you have because it is the L3 interfaces for these vlans where you apply the access-list.
So let's say
vlan 20 = 192.168.5.0/24
vlan 30 = 192.168.6.0/24
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 permit ip any any
int vlan 20
ip access-group 101 in
The above will stop any traffic from vlan 20 to vlan 30 but allow all other traffic from vlan 20 to any other destination.
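The first-match behaviour of the access list in the answer above, as an added example that is not part of the original post. It models access-list 101 applied inbound on int vlan 20 and checks constructed sample flows; the host addresses, the 203.0.113.10 "internet" address and the function names are assumptions made for illustration.

```python
import ipaddress

# access-list 101 as posted: (action, src, src wildcard, dst, dst wildcard)
ACL_101 = [
    ("deny", "192.168.5.0", "0.0.0.255", "192.168.6.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),  # any any
]
SVI_SUBNETS = {"vlan20": "192.168.5.0/24", "vlan30": "192.168.6.0/24"}
INBOUND = {"vlan20": ACL_101}  # "ip access-group 101 in" exists on int vlan 20 only


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a, b = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


def evaluate(acl, src, dst):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, s_base, s_wc, d_base, d_wc in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "deny"


def routed_verdict(src, dst):
    """A routed packet is checked by the inbound ACL of the SVI it enters."""
    for svi, net in SVI_SUBNETS.items():
        if ipaddress.IPv4Address(src) in ipaddress.ip_network(net):
            acl = INBOUND.get(svi)
            return "permit" if acl is None else evaluate(acl, src, dst)
    return "permit"  # source is not behind one of the modelled SVIs


def session_works(client, server):
    """A two-way exchange needs the request and the reply both permitted."""
    return (routed_verdict(client, server) == "permit"
            and routed_verdict(server, client) == "permit")


if __name__ == "__main__":
    flows = [("192.168.5.10", "192.168.6.20"),   # vlan 20 -> vlan 30
             ("192.168.6.20", "192.168.5.10"),   # vlan 30 -> vlan 20
             ("192.168.5.10", "203.0.113.10")]   # vlan 20 -> outside
    for c, s in flows:
        print(c, "->", s, routed_verdict(c, s), "session:", session_works(c, s))
```

Sessions opened from vlan 30 towards vlan 20 also fail, because the ACL is stateless and the replies from vlan 20 match the deny line. Traffic between hosts inside vlan 20 never reaches the SVI, so this ACL does not affect it.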
Thanks for your reply, well that is absolutely correct. Besides ACL, can we do it in any other way? I am asking just for extra knowledge. If you don't mind, can you please suggest other possible solutions besides this?
Many things were coming to my mind, like private VLANs, then the protected option, then VACL if possible...
Use ACLs on vlan20 to block access to vlan30's subnet. That's the easiest way.