09-02-2008 01:22 AM - edited 03-06-2019 01:07 AM
I've set up a Cisco 3750 & 3560 with VLAN20 & VLAN30. Is it by default that VLAN20 & VLAN30 are isolated, i.e. users on VLAN20 are not able to view VLAN30 files & folders?
If not, I hope I can get some samples to secure the VLANs.
Regards,
09-02-2008 01:26 AM
Hi
Yes, the users will not be able to access the resources from each other's VLAN.
Just to ask, have you used different subnets for these 2 VLANs?
Thanks
Mahmood
09-02-2008 02:56 AM
It depends on your setup.
If the switches are connected to each other via a trunk link and you have created L3 SVIs for each VLAN, i.e.
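! /24 masks assumed, matching the 0.0.0.255 wildcards used in the ACLs in this post
int vlan 20
 ip address 192.168.5.1 255.255.255.0
int vlan 30
 ip address 192.168.6.1 255.255.255.0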
then yes, users on VLAN 20 can view files and folders on VLAN 30 and vice versa from a network level. Whether they have permissions at the OS level is another matter.
If you want to stop this happening, using the addressing above as an example:
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 permit ip any any
int vlan 20
 ip access-group 101 in
int vlan 30
 ip access-group 102 in
Jon
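To check what the ACLs in the post above actually match, here is a small first-match evaluator with Cisco wildcard-mask semantics. It is an added example, not part of the original thread; the function names and the sample flows are constructed, and it handles only the `ip` / `any` / `ADDR WILDCARD` forms used in the post.

```python
import ipaddress

# The ACL lines from the post, copied verbatim.
ACLS = """
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 permit ip any any
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take(tokens):
    """Consume one address spec ('any' or 'ADDR WILDCARD'); return ((addr, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    return (_to_int(tokens[0]), _to_int(tokens[1])), tokens[2:]

def parse(config):
    """Return {acl_number: [(action, src_spec, dst_spec), ...]} in configured order."""
    acls = {}
    for line in config.strip().splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"] or tok[3] != "ip":
            raise ValueError(f"unsupported line: {line!r}")
        src, rest = _take(tok[4:])
        dst, _ = _take(rest)
        acls.setdefault(tok[1], []).append((tok[2], src, dst))
    return acls

def _match(spec, ip):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 = "don't care", 0 = "must match"
    return (_to_int(ip) & care) == (addr & care)

def evaluate(acls, number, src, dst):
    """First matching entry wins; a populated ACL ends with an implicit deny."""
    for action, s, d in acls[number]:
        if _match(s, src) and _match(d, dst):
            return action
    return "deny"

if __name__ == "__main__":
    acls = parse(ACLS)
    # Constructed sample flows: (ACL applied inbound on the source SVI, src, dst).
    for num, src, dst in [("101", "192.168.5.10", "192.168.6.20"),
                          ("102", "192.168.6.20", "192.168.5.10"),
                          ("101", "192.168.5.10", "10.0.0.1"),
                          ("101", "10.9.9.9", "192.168.6.20")]:
        print(f"ACL {num}: {src} -> {dst}: {evaluate(acls, num, src, dst)}")
```

The last flow shows that ACL 101 keys on the source subnet: a VLAN 20 host addressed outside 192.168.5.0/24 falls through to `permit ip any any`. Writing the first entry as `deny ip any 192.168.6.0 0.0.0.255` (and the mirror image in ACL 102) closes that gap.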