Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VLAN Access

I have begun installing VLANs on a network. They had a network before and it ran on VLAN 5. Printer computers wireless and other devices are on this network that is shared with 12 other building. The default router is in another county hich I have moved to the point of internet access. They have a gigabit connection connecting all the building together.

I am putting a /16 subnet at each building and the whole network will be route able using

The building I am currently working on has a network of I setup a lab and everything is working with DHCP, DNS, Imaging and logging and have statically set the VLANs on the switches, VLAN 25. But the admin here wants to use the network an address on VLAN 5, to go around filters for workstations installing updates and other issue that might a rise with the filters. They need to use this at all the building. There is a route in the firewall that will allow this schema out and forces everyone else to the filters.

The problem is when he put the IP /16 gateway on the machine their are not able to connect. This is do to it being on the VLAN 25. How can their access this schema to go around the filters?

I can setup the route on the firewall but don't want to have to make a block for ever lab to allow unlimit access if someone can figure that out.

Cisco Employee

Re: VLAN Access


I am sorry but I do not quite follow you. Are you saying that the computers are in VLAN25 but the administrator is in VLAN5 and wants to have unlimited access to machines in the VLAN25?

Please try to reexplain - perhaps a brief example in means of IP addresses and VLANs would be helpful.

Best regards,


New Member

Re: VLAN Access

The problem is their network is on a flat network for the 12 location. The were complaining about poor speed and performance, so I created a lab to show them how it could help with both and be managed. That's when they freaked about not able to use the IPs.

On there network, they had the range that allowed them out to the internet without a filter. This is used for tech support through out the company for troubleshooting. I guess they have problems with their proxy servers a lot. On the firewall on the inside interface they have;

access-list 120 permit ip any

access-list 120 permit ip any

access-list 120 permit ip any

access-list 120 permit ip any

access-list 120 deny ip any

nat (in) 1

global (out) 1

global (out) 1

global (out) 1 interface

But I can't get out using the network.

I recently found out that the ISP had given them the address. The internet provider is hosting some of there Database servers. I can not access the databases or internet without going through the internal Proxy. It is in the access list allowed out.

With all that, the basic question is how can I make a way for them to get around the filters if I have lets say 50 VLANs that are /24. I don't want to make a group in the range and they don't want to have change VLANs back and forth. I don't know of anything that can be configured on the switches to allow it.

I don't think there's anything they can do, besides make another proxy server and have it open.

The equipment in use are:


6500 sw

3560 sw

2960 sw

Also using cisco phones but thats on a differnt VLAN.