Cisco Support Community
Community Member

VLANs Routing/Access-list interesting problem

I have a Cisco WS-C3550-24-SMI running IP routing.

I have three customers and they fall in their own VLANs as listed:

interface FastEthernet0/10
 switchport access vlan 10
 no ip address
 spanning-tree portfast

interface Vlan10
 description cust2
 ip address 1.1.6.37 255.255.255.252
 ip access-group inbound in
 ip access-group outbound out

interface FastEthernet0/11
 switchport access vlan 11
 no ip address
 spanning-tree portfast

interface Vlan11
 description cust3
 ip address 1.1.7.41 255.255.255.252
 ip access-group inbound in
 ip access-group outbound out

Then I have another VLAN, the one pointing to the router:

interface FastEthernet0/1
 switchport access vlan 14
 no ip address
 load-interval 30
 duplex full
 speed 100
 spanning-tree portfast

interface Vlan14
 description wireless
 ip address 192.168.1.1 255.255.255.0
 ip access-group inbound in
 ip access-group outbound out

This all worked fine. The problem is that there is traffic on the physical ports but I can't see the traffic on the VLAN. For example, when I execute the command show interface vlan 14, I just see some kb of traffic while there is more than 10Mb of traffic on Fe 0/1. Same for the other VLANs.

Also, the access-lists are not working properly. How do you guys use switches when you need to use your switch as an inter-VLAN router with access-lists on a VLAN or port basis?

2 REPLIES
Hall of Fame Super Blue

Re: VLANs Routing/Access-list interesting problem

Hi

Bear in mind that you will only get traffic going across the vlan interface if it needs to be routed. So a server within the vlan communicating with another server in the same vlan will not traverse the layer 3 vlan interface.

You should apply access-lists to your vlan interfaces if you want to filter traffic between vlans. Best way to think of it is

Inbound access-list on vlan interface is traffic coming from that vlan and being routed off to another destination.

Outbound access-list on vlan interface is traffic coming from a remote destination and being routed onto the vlan.

HTH

Jon
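The direction rule from the reply above, applied to the Vlan10 interface from the question, as an added example that is not part of the original thread. The ACL names cust2-in and cust2-out and their entries are assumptions; the addresses come from the posted config (1.1.6.36/30 is the subnet that contains 1.1.6.37).

```ios
! Added example; ACL names and entries are assumed, not from the thread.
! Vlan10 subnet from the posted config: 1.1.6.36/30 (wildcard 0.0.0.3).
!
! "in" on the SVI: packets arriving FROM hosts in VLAN 10 that the switch
! is about to route elsewhere (for example towards the upstream router).
! The customer's addresses therefore appear as the SOURCE.
ip access-list extended cust2-in
 remark accept only sources inside the customer /30
 permit ip 1.1.6.36 0.0.0.3 any
 deny ip any any
!
! "out" on the SVI: packets the switch has already routed and is about to
! deliver ONTO VLAN 10 (return traffic from upstream or other VLANs).
! The customer's addresses therefore appear as the DESTINATION.
ip access-list extended cust2-out
 remark deliver only traffic addressed to the customer /30
 permit ip any 1.1.6.36 0.0.0.3
 deny ip any any
!
interface Vlan10
 description cust2
 ip address 1.1.6.37 255.255.255.252
 ip access-group cust2-in in
 ip access-group cust2-out out
!
! Checks after applying:
!  show ip interface vlan 10    (shows which ACL is set inbound/outbound)
!  show access-lists cust2-in
!  show access-lists cust2-out
```

A packet routed from VLAN 10 to the upstream router on VLAN 14 is checked twice: against the inbound list on Vlan10 and then against the outbound list on Vlan14, so both must permit it.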

Community Member

Re: VLANs Routing/Access-list interesting problem

Hi, thanks for the reply.

My customer traffic is internet traffic and is being forwarded/routed to the upstream router. As you said, I should see all L3 routed traffic on the VLAN interface, but in my case I can't, and I don't know exactly why that is.

I don't want to filter traffic between VLANs; I want to filter all the internet traffic which is being routed to the upstream L3 device, on the VLAN interface of each individual customer VLAN.
