<p>My charitable organization people are in VLAN 12. The hospital is in VLAN 11. They both connect via fiber to a 3560G. Right now, 11 and 12 can see all of the other person's network. I want to make it so 12 cannot see 11.</p>
<p>12 Trunks out of Int G0/1 on its 3560 (Charity3560), which goes to the 3560G (port G0/4) and 11 is on port G0/5 of the 3560G.</p>
<p>The trick: Other buildings are ALSO in Vlan 12. They need to see VLAN 11, but just not the people in Charity.</p>
<p>I tried (issued on Charity3560):</p>
<p>switchport trunk allowed vlan except 11</p>
<p>But I could still ping devices in VLAN 11. Am I missing something? Or am I not completely understanding VLANs?</p>
You are trying to block L3 traffic (since it's being switched from one vlan to the other) by means of blocking at layer 2. If you are trying to prevent a host in vlan 11 on 3560A from talking to a host in vlan 11 on 3560B by clearing vlan 11 on the trunk port on both switches, then this method would work. For your needs and requirements, I am afraid you will need to create an ACL that blocks traffic from vlan 11 to vlan 12 or vice versa.
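One way to build the ACL the answer describes, as an added example that is not part of the original thread: a port ACL applied inbound on the 3560G port facing Charity3560 (G0/4), so only traffic arriving from the Charity building is filtered and other buildings in VLAN 12 are unaffected. The ACL name and the 10.0.11.0/24 subnet for VLAN 11 are assumptions; substitute the hospital's real subnet.

```cisco
! Added example. Assumptions (not from the thread):
!   - VLAN 11 (hospital) uses 10.0.11.0/24  <- placeholder subnet
!   - ACL name CHARITY-NO-HOSPITAL is hypothetical
! Run on the 3560G, not on Charity3560.
!
configure terminal
!
! Drop anything destined to the hospital subnet, allow everything else.
ip access-list extended CHARITY-NO-HOSPITAL
 remark Charity building must not reach hospital VLAN 11
 deny   ip any 10.0.11.0 0.0.0.255
 permit ip any any
!
! G0/4 is the trunk to Charity3560. A port ACL on a Layer 2 trunk
! filters inbound traffic on every VLAN carried by that trunk, so it
! matches Charity hosts by where they enter the switch, not by their
! VLAN 12 address, which they share with the other buildings.
interface GigabitEthernet0/4
 ip access-group CHARITY-NO-HOSPITAL in
!
end
!
! Verify: the deny entry's match counter should increase when a
! Charity host pings a VLAN 11 address, and the interface should
! list the ACL as its inbound access list.
show access-lists CHARITY-NO-HOSPITAL
show ip interface GigabitEthernet0/4
```

Because the filter is inbound on G0/4 only, it stops Charity-to-hospital traffic at the point of entry; packets sent from VLAN 11 toward Charity hosts still arrive, but their replies are dropped, so no two-way session completes.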