Hi, I succesfully setup InterVlan using one catalyst 3500 XL with 2811 Router (with 16 ethernet ports module). I created a lot of VLANs with different IP segment each one, but I want to denied access between certain VLANS.
I have VLAN 103 (Managment) and VLAN 101 (Warehouse), I want that both vlans have access to VLAN 500 (Servers) but no between them.
If you have created the VLANs and have configured appropriate routing so that they can communicate with each other and now you want to restrict some access you would need to create some access lists and apply those access lists to the layer 3 interfaces where the routing is being done.
You have not indicated what IP addressing you are using so we can not create exact examples. But assuming that VLAN 101 is using addresses in 172.16.101.0 and that VLAN 103 is using addresses in 172.16.103.0 then the access lists might look something like this:
access-list 101 deny ip 172.16.103.0 0.0.0.255 any
access-list 101 permit ip any any
access-list 103 deny ip 172.16.101.0 0.0.0.255 any
access-list 103 permit ip any any
Then on the layer 3 interface for VLAN 101 you would configure:
ip access-group 101 in
and on the layer 3 interface for VLAN 103 you would configure:
ip access-group 103 in
These access lists will not let any traffic sourced from VLAN 103 to get into VLAN 101 and will allow all other traffic. And it will not let any traffic sourced from VLAN 101 to get into VLAN 103 and will allow all other traffic.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...