02-06-2003 07:14 AM - edited 03-02-2019 04:51 AM
I am trying to configure multiple VLANs that will all have internet access, but for security purposes, I don't want any VLANs to talk to each other. How do I configure the router to do this. The router will be a 1710. Thanks
02-06-2003 09:35 AM
D,
You'll need to use access lists
access-list 101 deny ip (subnet a) (i-mask) (each other subnet or range of addresses) (i-mask)
access-list 101 deny ip (each other subnet or range of address) (i-mask) (subnet a) (i-mask)
access-list 101 permit ip any any
EXAMPLE:
subnet A = 10.0.1.0, Subnet B = 10.0.2.0
Both class C networks, Subnet mask = 255.255.255.0, imask = 0.0.0.255
access-list 101 deny ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 101 deny ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
due this for each network you don't want to talk, end with
access-list permit ip any any
end
wr mem
int Fe0/0.1 (where each subnet exists...)
ip access-group 101 in
02-06-2003 09:41 AM
Thanks for the info. I don't have the hardware yet so i can't try it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: