Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Stop Routing Between VLANS but still allow access to Internet

I have to setup 32 Vlan, which will represent 32 seperate offices. I wish to allow each of the VLANs to access the internet and VLAN 1, but not to access the other client VLANs.

Does any know if this is possible?

Thanks in Advance

4 REPLIES
New Member

Re: Stop Routing Between VLANS but still allow access to Interne

Yes, apply ACL to RSM.

New Member

Re: Stop Routing Between VLANS but still allow access to Interne

Sorry I should have explained this better,

it is going to be an external 2651 w/ daul 10/100 ports and 2 x Cisco 2950T 24 x 10/100 2x 10/100/100

Would I have to apply access list to each virtual interface?

New Member

Re: Stop Routing Between VLANS but still allow access to Interne

Yes. You have to enable ip routing for other VLAN to access VLAN 1 and Internet, and ACL must be used to block traffc between those VLANs.

For example, if you use following address scheme:

VLAN1: 192.168.1.0 /24

VLAN2: 192.168.2.0 /24

...

VLAN32: 192.168.31.0 /24

Configuration of the router:

interface f0/1.2

encapsulation dot1q 2

ip address 192.168.2.254 255.255.255.0

ip access-group 101 in

interface f0/1.2

encapsulation dot1q 3

ip address 192.168.3.254 255.255.255.0

ip access-group 101 in

access-list 101 permit ip any 192.168.1.0 0.0.0.255 ;allow VLAN 1 access

access-list 101 deny ip any 192.168.0.0 0.0.31.255 ; deny traffic to other VLANs

access-list 101 permit ip any any ; allow Internet access

New Member

Re: Stop Routing Between VLANS but still allow access to Interne

Thank you very much

839
Views
0
Helpful
4
Replies
CreatePlease login to create content