7097 Views, 14 Helpful, 19 Replies

Restrict Inter-VLAN Routing

mikehatton
Level 1

I have a VLAN that I do not want any other VLAN to have access to. This VLAN is spread across 2 external sites via T1. How can I make my 3725 router not route between my other VLANs and the one in question?

Thank you in advance!

Accepted Solution

OK, I tested this in my lab. Instead of:

ip access-group 154 in

try

ip access-group 154 out

Please rate helpful posts.

Thanks


19 Replies

Thanks for your help EdisonOrtiz. This document does not seem to cover the 3700 series routers. I am unable to complete any of these commands. Any thoughts?

I'm sorry, I read too fast; I thought you were talking about a 3750 switch.

You will need to implement PBR (Policy Based Routing).

Can you give us a quick network layout of what you want to do?

I have 5 locations with P2P T1s to our main location. I have created a new VLAN at our main location (1) and location number (3). What I need to do is have VLAN 54 in locations 1 and 3, and I'm using the 3725 router to route across the T1 line. I would not like any other VLAN or location, pretty much any other piece of equipment, to be able to talk to VLAN 54 other than what is in the VLAN 54 subnets. Again, I really appreciate the help.

Are you routing or bridging this VLAN? I'm a little confused when you mention having VLAN 54 in two separate locations.

It seems that you are routing with the other 5 locations, therefore you can't bridge and route IP on the same router.

I don't believe any bridging is going on. We already have VLAN 10 and VLAN 20 across our entire network (all locations).

So you can't extend this VLAN over the T1 as you stated in your initial post; you will have to route it.

You can protect this VLAN at the hub location by connecting it to fa0/1 on the 3725 router (I believe you are already using fa0/0 for the rest of the networks) and implementing the necessary ACLs.

Can you give me an example of what the ACLs should look like to restrict communication to only go over the T1?

devang_etcom
Level 7

Hi,

Will you please explain your connectivity and configuration in detail?

If you use router-on-a-stick for the inter-VLAN communication, then you can use an access list to control which particular hosts can communicate with the VLAN.

Regards,

Devang

I have 35 hosts connected to a 4506 switch. I need these hosts to be separated from the rest of the network. I also will have 7 hosts in another location, already connected via T1 to a serial interface on our 3725 router. I created a VLAN on the 4506. As soon as I created a subinterface on the router, everyone could connect to that VLAN. I am trying to restrict that so that it only goes over the T1 to the other location with the same VLAN.

1) Create a layer 2 VLAN on the 4506 switch for those 35 hosts.

2) The router has 2 LAN ports. Connect the second LAN port to a port in that VLAN and assign an IP; this will be the default gateway for hosts on that VLAN.

3) Create ACLs on that FastEthernet interface, for example:

fa0/1

ip access-group 101 in

access-list 101 permit ip [remote VLAN] [siteA VLAN]

4) Do the same at the other end.

Please rate helpful posts.

Thanks

Thanks EdisonOrtiz, I applied the following config changes but can still ping an IP address in this subnet from my workstation in another subnet. What am I doing wrong? I used a subinterface of fa0/0.

access-list 154 permit ip 10.83.0.64 0.0.0.63 10.83.0.0 0.0.0.63

interface FastEthernet0/0.54

encapsulation dot1Q 54

ip address 10.83.0.1 255.255.255.192

ip access-group 154 in

end
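Taking the configuration in this post together with the accepted answer's change from `in` to `out`, here is an added example (not code from the thread or from Cisco) that models how IOS evaluates ACL 154 with its wildcard masks and which packets an inbound versus an outbound binding on FastEthernet0/0.54 actually gets to inspect. ACL 154, the subinterface, the hub VLAN 54 subnet 10.83.0.0/26 and the remote VLAN 54 subnet 10.83.0.64/26 come from the thread; the second VLAN 10.83.0.128/26 on FastEthernet0/0.10, the name Serial0/0 for the T1 and every host address are constructed for the example.

```python
"""Added example: a small model of IOS numbered-ACL evaluation and of what an
inbound versus an outbound 'ip access-group' binding on a subinterface inspects.
This is not code from the thread or from Cisco.

From the thread: ACL 154, subinterface FastEthernet0/0.54, hub VLAN 54 subnet
10.83.0.0/26 and remote VLAN 54 subnet 10.83.0.64/26. Constructed for the
example: the second VLAN 10.83.0.128/26 on FastEthernet0/0.10, the name
Serial0/0 for the T1, and every host address used below.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must equal the base, a 1 bit is ignored."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass(frozen=True)
class Ace:
    """One entry: 'access-list <n> permit|deny ip <src> <src-wc> <dst> <dst-wc>'."""
    action: str
    src: str
    src_wc: str
    dst: str
    dst_wc: str


def acl_permits(acl: list[Ace], src: str, dst: str) -> bool:
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for ace in acl:
        if wildcard_match(src, ace.src, ace.src_wc) and wildcard_match(dst, ace.dst, ace.dst_wc):
            return ace.action == "permit"
    return False


# access-list 154 permit ip 10.83.0.64 0.0.0.63 10.83.0.0 0.0.0.63
ACL_154 = [Ace("permit", "10.83.0.64", "0.0.0.63", "10.83.0.0", "0.0.0.63")]

# Connected subnets on the hub 3725: interface -> (network, wildcard).
INTERFACES = {
    "FastEthernet0/0.10": ("10.83.0.128", "0.0.0.63"),  # some other VLAN (constructed)
    "FastEthernet0/0.54": ("10.83.0.0", "0.0.0.63"),    # VLAN 54 at the hub
    "Serial0/0": ("10.83.0.64", "0.0.0.63"),            # T1 toward the remote VLAN 54 site
}

# The two bindings discussed in the thread, as {(interface, direction): acl}.
AS_POSTED = {("FastEthernet0/0.54", "in"): ACL_154}   # ip access-group 154 in
ACCEPTED = {("FastEthernet0/0.54", "out"): ACL_154}   # ip access-group 154 out


def connected_interface(addr: str) -> str:
    """Which interface's subnet an address belongs to (subnets do not overlap)."""
    for name, (net, wc) in INTERFACES.items():
        if wildcard_match(addr, net, wc):
            return name
    raise ValueError(f"no connected route for {addr}")


def forward(src: str, dst: str, bindings: dict) -> str:
    """Push one packet through the router: inbound ACL on the receiving
    interface first, then the outbound ACL on the sending interface.
    Returns 'forwarded' or a string naming the ACL that dropped it."""
    ingress, egress = connected_interface(src), connected_interface(dst)
    if ingress == egress:
        return "switched locally"  # same subnet: the router never sees it
    acl_in = bindings.get((ingress, "in"))
    if acl_in is not None and not acl_permits(acl_in, src, dst):
        return f"dropped by inbound ACL on {ingress}"
    acl_out = bindings.get((egress, "out"))
    if acl_out is not None and not acl_permits(acl_out, src, dst):
        return f"dropped by outbound ACL on {egress}"
    return "forwarded"


def ping(src: str, dst: str, bindings: dict) -> tuple[str, str]:
    """Echo request one way and the reply back; the ping only works if both
    are forwarded, which is what makes the ACL direction matter."""
    request = forward(src, dst, bindings)
    reply = forward(dst, src, bindings) if request == "forwarded" else "not sent"
    return request, reply


if __name__ == "__main__":
    flows = [("10.83.0.130", "10.83.0.5", "other VLAN -> hub VLAN 54"),
             ("10.83.0.70", "10.83.0.5", "remote VLAN 54 -> hub VLAN 54"),
             ("10.83.0.5", "10.83.0.130", "hub VLAN 54 -> other VLAN")]
    for direction, bindings in (("in", AS_POSTED), ("out", ACCEPTED)):
        print(f"ip access-group 154 {direction}")
        for src, dst, label in flows:
            request, reply = ping(src, dst, bindings)
            print(f"  {label}: request {request}, reply {reply}")
```

The model makes the direction question concrete: an inbound ACL on FastEthernet0/0.54 only sees packets that VLAN 54 hosts send, and the entry's source of 10.83.0.64/26 never matches those, so nothing from the hub's VLAN 54 gets through while traffic arriving from other VLANs is never inspected at all. Bound outbound, the same entry inspects exactly what is delivered into VLAN 54 and admits only the remote site. By the same logic, the mirror for the other end of the T1 (step 4 of the procedure above) swaps source and destination, `permit ip 10.83.0.0 0.0.0.63 10.83.0.64 0.0.0.63`, applied outbound on the remote VLAN 54 interface. The model has no fast-switching path; on the real router `debug ip packet` only shows process-switched packets, which is why the thread turns off `ip route-cache` while debugging.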

Interesting. Try

no ip route-cache

on that interface, and also turn on debugging against ACL 154 to see if it's going through the ACL.

You don't have fa0/1 available for this VLAN?

No, I do not have int fa0/1 available. I tried no ip route-cache and also debug ip packet 154 detail and I didn't see anything come through.
