Cisco Support Community
Community Member

limiting vlans access

How can I prevent vlans having access to other vlans?

On the 6509 and 3550 switches.

3 REPLIES
Hall of Fame Super Blue

Re: limiting vlans access

Pedro

You can use standard ACLs to limit the access between VLANs. An example -

vlan 10 = 192.168.5.0/24

vlan 11 = 192.168.6.0/24

vlan 12 = 192.168.7.0/24

You want to stop traffic from vlan 10 going to vlan 11 & 12, but you still want to allow vlan 10 traffic to go out to the internet:

access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255

access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255

access-list 101 permit ip any any

int vlan 10

ip access-group 101 in

Jon

Re: limiting vlans access

To add to Jon's post:

A VLAN ACL will do the same job.

A VACL filters traffic within the VLAN and between VLANs as well, using the same concept as above.

Just search CCO for "VACL"; you will get a lot of documents.

good luck

hope this helps

Community Member

Re: limiting vlans access

If you want to make them completely isolated and not route to anything else you have two other options:

1) Completely remove the Layer 3 interface for the Vlan from the backbone.

2) Remove the default gateways from the clients and use static routing to only allow them access to specific networks or hosts. This removes the need for complex configurations on the backbone. Arguably this isn't the most secure, but can be a quick win if security isn't the major concern.

HTH.
