Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
544
Views
4
Helpful
5
Replies

how to control intervlan routing on cat 4506?

MJonkers
Level 1
Level 1

‎03-30-2006 09:53 AM - edited ‎03-03-2019 02:34 AM

Hi,

A question about routing. When I have different VLAN´s on the Layer 3 switch and I use IP ROUTING command all VLAN´s are routed. So one client in a VLAN can speak to a client from an other VLAN. But what if I want to protect one VLAN from being routed?

Is it possible to route all VLAN except some?

thx,

Marc

Labels:
0 Helpful
5 Replies 5

pkhatri
Level 11
Level 11

‎03-30-2006 09:56 AM

Marc,

The switch will only route VLANs for which you have enabled a layer 3 VLAN interface. Therefore, one option is not to create a VLAN interface for this VLAN. The other option is to create the VLAN and apply an access-list to prevent inter-vlan traffic.

I would think that the first option would be much simpler.

Hope that helps - pls rate the post if it does.

Paresh

kradjesh13
Level 1
Level 1
In response to pkhatri

‎04-02-2006 06:14 PM

Hi Paresh,

Considering that Marc uses 3550 L3 switch and on enabling ip routing, the inter vlan routing will be enabled.

In that case, can't we use

switchport trunk allowed vlan 1,2.. in this case it will allow just 1,2 and will avoid all others.

Thanks

Rajesh

0 Helpful

pkhatri
Level 11
Level 11
In response to kradjesh13

‎04-02-2006 06:24 PM

Rajesh,

That won't quite work. Just because you have enabled ip routing does not mean that you start routing for all VLANs. You do need layer-3 interfaces because routing only occurs between layers 3 interfaces. The term inter-vlan routing is probably a mis-nomer in that sense. It just happens that VLANs generally demarcate IP subnets ...

Paresh

0 Helpful

trackme
Level 1
Level 1

‎04-03-2006 11:39 PM

yes, you can do that, what you need to do is , for that vlan which you dont need to route, all you need to do is dont give any ip address or enable that interface.

A vlan will be routed only when its interface is up along with an IP assigned. So if you want to keep that vlan as a separate switch then u should not give the ip address or enable that intetrface etc;

i have done this where certain networks will be announced and certain networks will not be routed, so if i have 5 vlans, and want to route only 3 vlans, all i do is create 3 vlan interface only with ip's.

Hope this helps.

0 Helpful

glen.grant
VIP Alumni
VIP Alumni

‎04-04-2006 04:27 AM

If you do not want to route a vlan simply do not create a layer 3 SVI for that particular and it will not be routed .

0 Helpful
Customers Also Viewed These Support Documents