Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

isolate vlans on 3750 switch


       anybody can help me in access list to restrict vlans in my core switch. I have 3750 core switch created 7 vlans.

interface Vlan1
description core & mangment
ip address
interface Vlan2
description edge switch
ip address
interface Vlan3
description wireless AP
ip address
interface Vlan4
description Printers & Door Access
ip address
interface Vlan5
description PBAX & IP Telephone
ip address
interface Vlan6
description Servers Vlan
ip address
interface Vlan7
description Desktops Vlan
ip address
interface Vlan8
ip address secondary
ip address
interface Vlan31

ip address
interface Vlan10
no ip address

I have dhcp configuration for vlan 31

            I need to restrict vlan 31 from all this vlans.  i confiugure access list on core switch like but it will not take dhcp ip address


access-list 101 deny ip
# access-list 101 deny ip
# access-list 101 deny ip
## access-list 101 permit ip any

Apply this access-list 101 on vlan 31 interface
           Interface vlan31
        # Ip access-group 101 in
        # end

any body can help in these issue.  waiting for reply.

regards to all

Everyone's tags (2)
Hall of Fame Super Silver

Re: isolate vlans on 3750 switch


you need an ACL line like the following:

access-list 101  permit udp host eq bootpc host eq bootps

because hosts booting use as source address in DHCP request and as destination

you will need also an ip helper-address in SVI config

to have the router to relay DHCP requests to a distant DHCP server

Hope to help


New Member

Re: isolate vlans on 3750 switch

Hi Guislar,

       I mean all configuration are perfect and just i need to add one more access list which you defined and in the dhcp pool i have to define ip helper address that its.

          I have one more doubt that in vlan 6 i have dns server and i need to give access only two dns servers (, 10.1..6.233) to vlan31 can communication.  HOw i can used access list to permit vlan31 to access this two ip address only and all other should be denied.

       I will try this ocnfiguration and update you soon.

thanks a lot guislar.


CreatePlease login to create content