I have 4 vlans on a switch, 1 outside and 3 inside vlans.
vlan 5 - outside
vlan10 - inside1
vlan20 - inside2
vlan30 - inside3
vlan5 has no ip address assigned, but the 3 others have. What I want to accomplish is that traffic can float between vlan20 and vlan30, and between vlan10 and vlan20. And not between vlan10 and vlan30. How do I accomplish this? With access-lists?
Not 100% sure what you mean by float but presumably you mean allow traffic.
So in short you can do this with access-lists. As an example:
vlan 10 = 192.168.5.0/24
vlan 20 = 192.168.6.0/24
vlan 30 = 192.168.7.0/24
For vlan 10
access-list 101 permit ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 deny ip any any
int vlan 10
ip access-group 101 in
The above config does the following:
1) Allows vlan 10 to communicate with vlan 20.
2) Stops vlan 10 communicating with anything else including any outside addresses. Note there is an implicit deny at the end of every access-list so you don't actually need to explicitly put in that second line.
If you wanted to allow vlan 10 to talk to vlan 20 and all outside IP addresses but not vlan 30:
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 permit ip any any
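Added example, not part of the original answer: a small first-match evaluator that runs the answer's ACL lines against one constructed host per VLAN, to show how line order, wildcard masks and the implicit deny decide the result. The host addresses, the function names and the trailing `permit ip any any` line are assumptions made for the illustration.

```python
import ipaddress

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, rest, nets = tok[2], tok[4:], []   # tok[3] is the protocol, "ip"
        while rest:
            if rest[0] == "any":                   # "any" = 0.0.0.0 255.255.255.255
                nets.append((0, 0xFFFFFFFF))
                rest = rest[1:]
            else:                                  # address followed by wildcard mask
                nets.append(tuple(int(ipaddress.IPv4Address(x)) for x in rest[:2]))
                rest = rest[2:]
        rules.append((action, nets[0], nets[1]))
    return rules

def matches(ip, net):
    addr, wild = net
    care = ~wild & 0xFFFFFFFF                      # wildcard 1-bits are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(rules, src, dst):
    """First matching line wins; no match falls through to the implicit deny."""
    for action, s, d in rules:
        if matches(src, s) and matches(dst, d):
            return action
    return "deny (implicit)"

# STRICT is the first ACL from the answer; the other two are the second variant
# without and with a trailing permit (the permit line is an assumption).
STRICT = """access-list 101 permit ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 deny ip any any"""
DENY_ONLY = "access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255"
DENY_THEN_PERMIT = DENY_ONLY + "\naccess-list 101 permit ip any any"

# Constructed sample hosts: one per VLAN subnet plus one outside address.
DESTS = {"vlan20": "192.168.6.10", "vlan30": "192.168.7.10", "outside": "203.0.113.9"}

def matrix(acl_text, src="192.168.5.10"):
    """Verdict for a vlan 10 host sending to each destination."""
    rules = parse_acl(acl_text)
    return {name: evaluate(rules, src, ip) for name, ip in DESTS.items()}

if __name__ == "__main__":
    for label in ("STRICT", "DENY_ONLY", "DENY_THEN_PERMIT"):
        print(label, matrix(globals()[label]))
```

A deny line with nothing after it drops every destination, because anything that does not match falls to the implicit deny; the explicit permit after the deny is what keeps vlan 20 and outside traffic flowing.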