Cisco Support Community
Creating a 2 host Vlan & routing

Hello,

I have a 4503 Layer3 switch that acts as the VTP Server for my network. If I enter

config t

interface vlan 99

ip address 10.10.0.252 255.255.255.252

no shut

That would create Vlan 99 which would consist of a network with two valid host addresses at 10.10.0.253 and .254, right? All broadcasts by those two IP's would be limited to those two IP's, right?

And as far as the 4503 is concerned. Is there any way to block Vlan99 from routing to all other Vlans except for Vlan1 and Vlan22?

(I want 99 to communicate with 1 and 22 only, but 1 and 22 to be able to communicate with ALL VLANs.)

Is this at all possible?

Thanx for any help

ACCEPTED SOLUTION

Re: Creating a 2 host Vlan & routing

You are wrong with the first line. When using a .252 mask, IP x.x.x.252 is a network address which cannot be assigned to an interface. If you have already tried this, you must have noticed that the 4503 refused the IP address, right? If you have a requirement for two hosts to communicate in this VLAN, assign a .248 subnet.

The second part of your question can be answered positively: Yes, this is possible.

Configure an ACL for vl99 that contains the IP sources in vl99 and the IP destinations for vl1 and vl22, then assign it as:

int vl 99
 ip access-group XXX in

The access list should look like:

! XXX must be an extended ACL number (100-199 or 2000-2699), since each entry names both a source and a destination
access-list XXX permit ip 10.10.0.248 0.0.0.7 (ip vl1) 0.0.0.255
access-list XXX permit ip 10.10.0.248 0.0.0.7 (ip vl22) 0.0.0.255

Regards,

Leo

3 REPLIES

Re: Creating a 2 host Vlan & routing

Ohhh, I guess that was a dumb subnetting mistake on my part, my apologies.

Am I correct in saying this: while I could have used the same 255.255.255.252 mask, upon assigning the Vlan99 interface a valid IP (10.10.0.253), I would have only had one valid IP left (x.254) before I got to the broadcast (x.255).

So in order to create a VLAN that uses an IP and has two hosts, that would require 3 valid host IPs = 255.255.255.248, or the next smallest subnet.

That sound like a correct train of thought?

Oh, and the ACL looks perfect. Much more simple than I thought it would be.

Thanx much!

Re: Creating a 2 host Vlan & routing

You are correct. A subnet with a .248 mask has room for six hosts, but this space includes one address for the default gateway.

ACLs are not as difficult as they seem;-)

The trick with this solution is to define the ACL to filter incoming packets from vlan 10. You permit what is required and all else is implicitly denied.

It would have been much more complicated when you wanted to achieve the filtering on VL1 or 22.

Regards,

Leo
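As an added illustration of the two points settled in this thread (why a .252 mask cannot hold an SVI plus two hosts while a .248 mask can, and how the inbound ACL on the VLAN 99 SVI permits only what is listed and implicitly denies the rest), here is a small Python model. It is not code from the thread or from Cisco. The VLAN 1, VLAN 22 and VLAN 50 networks are constructed sample values, because the thread leaves them as "(ip vl1)" / "(ip vl22)" placeholders, and the ACL evaluation imitates IOS first-match semantics in plain Python rather than calling any Cisco API.

```python
import ipaddress

# Constructed sample networks. The thread names VLAN 99 as 10.10.0.248/29 but
# leaves the VLAN 1 and VLAN 22 networks as placeholders, so these /24s are
# assumptions for illustration; VLAN 50 stands in for "any other VLAN".
VLAN99_NET = ipaddress.ip_network("10.10.0.248/29")
VLAN1_NET = ipaddress.ip_network("192.168.1.0/24")    # assumed
VLAN22_NET = ipaddress.ip_network("192.168.22.0/24")  # assumed
VLAN50_NET = ipaddress.ip_network("192.168.50.0/24")  # assumed; must stay unreachable from VLAN 99


def usable_hosts(cidr):
    """Assignable host addresses of a subnet, with the network and broadcast
    addresses excluded. A /30 yields two, so an SVI plus two hosts needs a /29."""
    return [str(h) for h in ipaddress.ip_network(cidr).hosts()]


def is_valid_interface_address(addr, mask):
    """Mirror the check IOS applies to 'ip address': the address must be
    neither the network address nor the broadcast address of its subnet."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    net = iface.network
    return iface.ip not in (net.network_address, net.broadcast_address)


# The accepted solution as an ordered list of (action, source net, destination net),
# equivalent to 'access-list XXX permit ip 10.10.0.248 0.0.0.7 <vl1> 0.0.0.255' etc.
VLAN99_INBOUND_ACL = [
    ("permit", VLAN99_NET, VLAN1_NET),
    ("permit", VLAN99_NET, VLAN22_NET),
]


def acl_decision(src, dst, acl=VLAN99_INBOUND_ACL):
    """Evaluate an ACL the way IOS does: entries are checked top to bottom,
    the first match decides, and a packet matching no entry hits the
    implicit 'deny any any' at the end of every ACL."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"


if __name__ == "__main__":
    print("/30 hosts:", usable_hosts("10.10.0.252/30"))
    print("/29 hosts:", usable_hosts("10.10.0.248/29"))
    print("10.10.0.252 with .252 mask assignable:",
          is_valid_interface_address("10.10.0.252", "255.255.255.252"))
    for dst in ("192.168.1.10", "192.168.22.10", "192.168.50.10"):
        print(f"VLAN 99 host -> {dst}: {acl_decision('10.10.0.250', dst)}")
```

One caveat worth keeping in mind: because the ACL is applied inbound on the VLAN 99 SVI, it only examines packets entering the switch from VLAN 99. Packets from VLAN 1 or VLAN 22 toward VLAN 99 arrive through their own SVIs and are not touched by this list, which is exactly what makes the "1 and 22 can reach everything" requirement work; a host in another VLAN that tries to reach VLAN 99 is not stopped on its way in, but every reply from VLAN 99 is dropped by the implicit deny, so the conversation still fails.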
