A question about routing. When I have different VLAN´s on the Layer 3 switch and I use IP ROUTING command all VLAN´s are routed. So one client in a VLAN can speak to a client from an other VLAN. But what if I want to protect one VLAN from being routed?
The switch will only route VLANs for which you have enabled a layer 3 VLAN interface. Therefore, one option is not to create a VLAN interface for this VLAN. The other option is to create the VLAN and apply an access-list to prevent inter-vlan traffic.
I would think that the first option would be much simpler.
That won't quite work. Just because you have enabled ip routing does not mean that you start routing for all VLANs. You do need layer-3 interfaces because routing only occurs between layers 3 interfaces. The term inter-vlan routing is probably a mis-nomer in that sense. It just happens that VLANs generally demarcate IP subnets ...
yes, you can do that, what you need to do is , for that vlan which you dont need to route, all you need to do is dont give any ip address or enable that interface.
A vlan will be routed only when its interface is up along with an IP assigned. So if you want to keep that vlan as a separate switch then u should not give the ip address or enable that intetrface etc;
i have done this where certain networks will be announced and certain networks will not be routed, so if i have 5 vlans, and want to route only 3 vlans, all i do is create 3 vlan interface only with ip's.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...