Cisco Support Community

New Member

To stop communication among vlans at L3

Hi,

I created VLANs on an L3 switch (3560) and am able to route all the VLANs to the internet using a router.

internet...>router(natting)...>Switch(L3 3560 with 5 vlans).

All seems to be working fine where I want to use different VLANs and access the internet. Now the 5 VLANs created on the L3 switch are able to access each other as well. Do let me know what I am missing.

E.g. VLAN 2 192.168.1.0/24 and VLAN 3 192.168.2.0/24 are able to reach the internet, as ip routing is enabled on the switch and the backward route is defined on the router. But users on VLAN 2 are also able to access the VLAN 3 network, which I don't want.

My first purpose, to get all VLANs to the internet, has been solved, but the second one, securing the VLANs, is still there.

Please help.

Reg,

Sushil

5 REPLIES
Hall of Fame Super Blue

Re: To stop communication among vlans at L3

Sushil

You need to apply ACLs to your VLAN interfaces, e.g.

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 <next VLAN subnet> <wildcard mask>

etc for each vlan

access-list 101 permit ip any any

The permit ip any any at the end of the access-list is for internet access.

int vlan 2

ip access-group 101 in

You need to do this for each of your internal vlans.

Jon
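
The ACL layout from the answer above, generated for every VLAN and checked with a first-match evaluation, as an added example that is not part of the original post. The VLAN 2 and VLAN 3 subnets are from the thread; the VLAN 4 subnet and the ACL numbering (99 + VLAN ID) are assumptions.

```python
import ipaddress

# Constructed sample: VLAN 2 and 3 are from the thread, VLAN 4 is an assumed placeholder.
VLANS = {2: "192.168.1.0/24", 3: "192.168.2.0/24", 4: "192.168.3.0/24"}
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_acl(vlan, vlans=VLANS):
    """Return (acl_number, rules) for one SVI; each rule is (action, src_net, dst_net)."""
    src = ipaddress.ip_network(vlans[vlan])
    # One deny per *other* internal subnet, then the permit that keeps internet access.
    rules = [("deny", src, ipaddress.ip_network(net))
             for vid, net in sorted(vlans.items()) if vid != vlan]
    rules.append(("permit", ANY, ANY))
    return 99 + vlan, rules  # assumed numbering: 101 for VLAN 2, inside the 100-199 extended range


def render(vlan, vlans=VLANS):
    """Render the rules as IOS lines, using wildcard (inverse) masks."""
    num, rules = build_acl(vlan, vlans)

    def fmt(net):
        return "any" if net.prefixlen == 0 else f"{net.network_address} {net.hostmask}"

    lines = [f"access-list {num} {action} ip {fmt(s)} {fmt(d)}" for action, s, d in rules]
    # Inbound on the SVI: filters packets entering the switch from hosts in this VLAN.
    return lines + [f"interface Vlan{vlan}", f" ip access-group {num} in"]


def evaluate(rules, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"


if __name__ == "__main__":
    for vlan in sorted(VLANS):
        print("\n".join(render(vlan)), end="\n!\n")
    _, acl = build_acl(2)
    print("VLAN 2 -> VLAN 3 :", evaluate(acl, "192.168.1.10", "192.168.2.20"))
    print("VLAN 2 -> internet:", evaluate(acl, "192.168.1.10", "8.8.8.8"))
    # Entry order matters: with the permit first, the denies are never reached.
    print("permit first      :", evaluate(acl[::-1], "192.168.1.10", "192.168.2.20"))
```
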

New Member

Re: To stop communication among vlans at L3

Hi Jon,

Sorry for the interruption, I have one doubt about your post, where you said

"You need to apply acl's to your vlan interfaces"

Actually, ACLs we can define in L3 as per IPs, am I right? Is it enough?

Sorry if there are any mistakes.

Regards,

Naidu.

Hall of Fame Super Blue

Re: To stop communication among vlans at L3

Naidu

Not sure I understand. The ACLs are using IP addresses, but the VLAN interfaces are the SVIs (Switched Virtual Interfaces), which are the L3 interfaces on an L3 switch.

Jon

New Member

Re: To stop communication among vlans at L3

Hi Jon,

Thanks a lot. Your input solved my problem.

My sincere thanks to you.

Reg,

Sushil

New Member

Re: To stop communication among vlans at L3

Jon,

Yes, you're clear, but I am just a bit confused.

Regards,

Naidu.
