05-08-2008 01:21 AM - edited 03-05-2019 10:50 PM
Hi there, I've got a 6500 switch which has 6 VLANs on it (1,2,3,4,5,6). All of the VLANs have IP addresses for routing. How would I be able to make it so that VLANs 1,2 and 3 can route to each other, and VLANs 4,5 and 6 can route to each other but the 2 groups of 3 VLANs can't see each other (i.e. so 1,2,3 can't see (or pass traffic between) 4,5,6).
Any advice appreciated, thanks
Pete.
05-08-2008 01:32 AM
Pete
You could just use access-lists on the VLAN interfaces to keep the traffic segregated, but if you wanted separate routing tables then you need to look into VRF-lite, which is supported on the 6500.
Jon
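A sketch of the VRF-lite option mentioned in the reply above, added here as an illustration and not posted by anyone in the thread. The VRF names, route distinguishers and IP addresses are assumptions; only the VLAN numbers come from the question.

```cisco
! Constructed example: VRF names, RDs and addresses are placeholders.
! Each VRF has its own routing table, so SVIs in GROUP-A have no route
! to subnets in GROUP-B, and the reverse.
ip vrf GROUP-A
 rd 65000:1
!
ip vrf GROUP-B
 rd 65000:2
!
! Placing an SVI into a VRF removes the IP address already configured
! on it, so the address is entered again after "ip vrf forwarding".
interface Vlan1
 ip vrf forwarding GROUP-A
 ip address 10.0.1.1 255.255.255.0
!
interface Vlan2
 ip vrf forwarding GROUP-A
 ip address 10.0.2.1 255.255.255.0
!
interface Vlan3
 ip vrf forwarding GROUP-A
 ip address 10.0.3.1 255.255.255.0
!
interface Vlan4
 ip vrf forwarding GROUP-B
 ip address 10.0.4.1 255.255.255.0
!
interface Vlan5
 ip vrf forwarding GROUP-B
 ip address 10.0.5.1 255.255.255.0
!
interface Vlan6
 ip vrf forwarding GROUP-B
 ip address 10.0.6.1 255.255.255.0
!
! Checks after applying:
!   show ip route vrf GROUP-A   -> only 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24
!   show ip route vrf GROUP-B   -> only 10.0.4.0/24, 10.0.5.0/24, 10.0.6.0/24
!   ping vrf GROUP-A 10.0.4.1   -> should fail (no route in GROUP-A)
```

Any static routes or routing protocol configuration that the VLANs rely on also has to be defined per VRF, since the global routing table no longer contains these subnets.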
05-08-2008 01:33 AM
Pete,
The above sounds like a need for Private VLANs and/or VLAN ACLs:
http://www.cisco.com/warp/public/473/90.shtml
http://www.cisco.com/en/US/tech/tk389/tk814/tk840/tsd_technology_support_sub-protocol_home.html
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/vacl.pdf
HTH.
05-08-2008 01:36 AM
I stand corrected, but I think the solution is a combination of the above 2 replies.
PVLAN will take care of L2 cross talk, whereas ACL takes care of L3.
I have been using PVLAN + ACLs at edge 4500 to protect customers from each other and network customers.
HTH
Sam
05-08-2008 03:17 AM
Thanks for all the replies guys. They've given me some good ideas to think about so now I'll have a bit of a read round.