I have a Cisco 3750 switch & created three VLANs on that switch: VlanA is 172.16.1.1/24, VlanB is 172.16.2.1/24 & VlanC is 172.16.3.1/24. The Cisco 3750 switch is connected to the firewall (trust zone) & another arm is connected to the router (untrust zone) & the router is connected to the internet. In the VlanA (trust) zone I had connected my server, which is in the trust zone. VlanB is corporate users & VlanC is engineering users.
My issue is Vlan A cannot communicate to VlanB & VlanC & vice versa. But certain users require access to VlanB & VlanC Vlan A & I should access the internet on all VLANs. How can I stop inter-VLAN routing (without access-list)?
You have created VLANs on the 3750. Your requirement is that VLAN A, B & C should not communicate with each other, whereas VLAN A, B & C should access the servers & internet, isn't it? If that is the case, then you need to create an access-list & there are no other options for that.
You need to enter the command IP ROUTING if it is not already turned on. If you have already created VLAN interfaces on the switch for each VLAN and you can ping between the VLAN interface and the clients but the clients cannot ping each other, then it is a routing issue. If the client machines have their default gateway configured correctly, then it must be the switch that is at fault.
Now on my security soapbox. You should never connect the trust zone and untrust zone to the same switch. Your firewall should be responsible for all routing between trust and untrust. Even if you keep the routing correct, you still allow a way around the firewall due to bugs or misconfiguration of the switch.
A simple example. If you allow your switch ports to run in default configuration, a user can take a PC and define an 802.1q trunk on his PC and put himself on any VLAN he chooses... trust, untrust, etc.
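One way to check a switch for the default-port problem raised in the reply above, as an added example that is not part of the original thread: a small audit that reads a saved running-config and lists ports left without an explicit mode, ports in a dynamic mode, and trunks with no allowed-VLAN list. The sample config, interface names and VLAN numbers are constructed for illustration; `audit_ports` and `parse_interfaces` are hypothetical helper names.

```python
import re

# Constructed sample running-config (illustrative, not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport mode access
!
interface FastEthernet1/0/2
 switchport access vlan 20
!
interface FastEthernet1/0/3
 switchport mode dynamic desirable
!
interface FastEthernet1/0/4
 switchport mode trunk
!
interface Vlan10
 ip address 172.16.1.1 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_ports(config):
    """Return {interface: finding} for ports that may expose VLANs via 802.1Q trunking."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith(("vlan", "loopback")) or "no switchport" in cmds:
            continue  # SVIs, loopbacks and routed ports are not layer-2 ports
        mode = next((c.split()[2] for c in cmds if c.startswith("switchport mode ")), None)
        if mode is None:
            findings[name] = "no explicit switchport mode (default configuration)"
        elif mode == "dynamic":
            findings[name] = "trunk negotiation enabled (dynamic mode)"
        elif mode == "trunk" and not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
            findings[name] = "trunk carries all VLANs (no allowed-vlan list)"
    return findings

if __name__ == "__main__":
    print(audit_ports(SAMPLE_CONFIG))
```

Ports it reports are candidates for `switchport mode access` plus `switchport nonegotiate`, or for an explicit allowed-VLAN list on intended trunks.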