Vlans Private vlans/VACL ?

CSCO11140986 · ‎12-07-2011

Hi,

In an orginzation has 85 + vlans, vlans are as follows

Vlan 2 managment

Vlan 4 Dmz

Vlan 6 voice

vlan 8 wireless

vlan 10 Server

vlan 11 - 80 Users/employees

and 81 - 85 not yet used

switch: 4507

the requirement here is Users vlan should only have a communcation with Server vlan, no user vlan should not commuicate with any other user vlan and neither with any other vlan. Dmz vlan should not have communcation wit any vlans even Server. I tried using PRIVATE vlans, no luck, I think it only work with in A vlan, I mean in 1 subnet Network, any better soluation guys, quick reply will be higly appreciated

Thanks

Latchum Naidu · ‎12-07-2011

Hi Mizra,

You can use extended access-lists accordingly to achieve this concept.

see the below example.

Users vlan should only have a communcation with Server vlan, no user vlan should not commuicate with any other user vlan and neither with any other vlan.

int vlan 80
desc user
ip 192.168.2.1
ip access-group user-vlan in

int vlan 10
desc server
ip 192.168.3.1
ip access-group server-vlan in

ip access-list ext user-vlan
permit any 192.168.3.0 0.0.0.255
deny any any

ip access-list ext serverr-vlan
permit any 192.168.2.0 0.0.0.255
deny any any

Please rate the helpfull posts.
Regards,
Naidu.

CSCO11140986 · ‎12-08-2011

thanks dude,

It worked but only 1 problem, I have internet on server vlan I hope all users will able to access internet from Server Vlan, I didn't try yet with internet. I will update the post again

Regards

Mirza