Cisco Support Community

Pruning a VLAN

My charitable organization people are in VLAN 12. The hospital is in VLAN 11. They both connect via fiber to a 3560G. Right now, 11 and 12 can see all of the other person's network. I want to make it so 12 cannot see 11.

12 Trunks out of Int G0/1 on its 3560 (Charity3560), which goes to the 3560G (port G0/4) and 11 is on port G0/5 of the 3560G.

The trick: Other buildings are ALSO in Vlan 12. They need to see VLAN 11, but just not the people in Charity.

I tried (issued on Charity3560):

int g0/1

switchport trunk allowed vlan except 11

But I could still ping devices in VLAN 11. Am I missing something? Or am I not completely understanding VLANs?

Thank you!


Re: Pruning a VLAN

You are trying to block L3 traffic (since it's being switched from one vlan to the other) by means of blocking at layer 2. If you are trying to prevent a host in vlan 11 in 3560A from talking to a host in vlan 11 in 3560B by clearing vlan 11 on the trunk port on both switches, then this method would work. For your needs and requirements, I am afraid you will need to create an ACL that blocks traffic from vlan 11 to vlan 12 or vice versa.
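
The following configuration is an added example, not part of the original thread: it sets the trunk pruning from the question beside one way to apply the ACL the reply recommends, as an inbound port ACL on the 3560G port facing Charity so that other buildings in VLAN 12 are unaffected. The subnet 192.0.2.0/24 for VLAN 11 and the ACL name CHARITY-NO-VLAN11 are placeholders, and it assumes all Charity traffic reaches the rest of the network only through G0/4.

```cisco
! Constructed example. 192.0.2.0/24 stands in for the real VLAN 11 subnet.
!
! --- Charity3560: what was tried ---
! This only keeps frames tagged VLAN 11 off the trunk (layer 2).
! Charity hosts send frames tagged VLAN 12, and those are routed
! into VLAN 11 after they leave this trunk, so pings still succeed.
interface GigabitEthernet0/1
 switchport trunk allowed vlan except 11
!
! --- 3560G: filter at layer 3 on the port facing Charity ---
! The ACL matches on destination IP, so it applies to Charity's
! VLAN 12 traffic while VLAN 12 hosts arriving on other ports
! (the other buildings) never hit it.
ip access-list extended CHARITY-NO-VLAN11
 remark Charity hosts may not reach the hospital subnet (VLAN 11)
 deny   ip any 192.0.2.0 0.0.0.255
 permit ip any any
!
interface GigabitEthernet0/4
 ip access-group CHARITY-NO-VLAN11 in
```

Because replies from Charity hosts to VLAN 11 addresses are dropped by the same entry, connections started from the hospital side fail as well. Confirm the result with a ping to VLAN 11 from a Charity host and from a VLAN 12 host in another building.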
