Cisco Support Community
Community Member

VLAN restriction

Hi, is there any way to restrict users' access from one VLAN to another, without ACLs on VLAN interfaces, without VACLs and without PVLANs? All these methods are good but huge. I need something simple, like on trunk ports:

switchport trunk allowed vlan ...

but it should be on vlan level...something like...this...

for instance

vlan 2

ip access-group 100

ip access-list 7000

10 deny ip vlan2 vlan3

..................

something like that

thanks

1 REPLY
Cisco Employee

Re: VLAN restriction

PVLANs and VACLs are designed for the specific requirement you are describing. Without these features it might be hard to achieve what you want. You can use the "protected port" feature if it is specific about some applications that you want to be restricted.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_44_se/configuration/guide/swtrafc.html#wp1175133

On a lighter note, easiest would be not to configure the SVI for the vlans and let the firewall route the traffic between the vlans and have the firewall restrict that.

Cheers,
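
For reference, a VACL that expresses the "deny ip vlan2 vlan3" intent from the question. This is an added example, not configuration from either poster; the subnets 10.0.2.0/24 (VLAN 2) and 10.0.3.0/24 (VLAN 3) and the ACL and map names are assumptions.

```cisco
! Assumed addressing (constructed for this example):
!   VLAN 2 = 10.0.2.0/24, VLAN 3 = 10.0.3.0/24
!
! In a VLAN map the ACL only selects traffic; "permit" here means
! "matches this map entry", and the action line decides the outcome.
ip access-list extended V2-TO-V3
 permit ip 10.0.2.0 0.0.0.255 10.0.3.0 0.0.0.255
!
ip access-list extended ANY-IP
 permit ip any any
!
! Entry 10: drop IP traffic sourced in VLAN 2 and destined to VLAN 3.
vlan access-map RESTRICT-V2 10
 match ip address V2-TO-V3
 action drop
!
! Entry 20: forward all other IP traffic. Without this entry, IP packets
! that match no clause in the map are dropped by default.
vlan access-map RESTRICT-V2 20
 match ip address ANY-IP
 action forward
!
! Apply the map to VLAN 2. It filters every packet in the VLAN,
! bridged or routed, regardless of which port it arrives on.
vlan filter RESTRICT-V2 vlan-list 2
!
! Verification:
!   show vlan access-map RESTRICT-V2
!   show vlan filter
```

Because the drop entry matches on the source subnet only, return traffic from VLAN 3 to VLAN 2 is not filtered by this map; two-way sessions still fail since the VLAN 2 side of the conversation is dropped.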
