Cisco Support Community
New Member

VLANs

I have a router with 3 VLANs: VLAN 2, 3 and 4.

The servers are on VLAN 2 and the clients are on VLAN 3 and 4. I want communication between VLAN 2 and 3 and communication between VLAN 2 and 4, but NO access between VLAN 3 and 4. There are approx. 500 clients each on VLAN 3 and 4, so manually configuring access-lists is not an option. Can I block the traffic at layer 3?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: VLANs

Hello,

The only solution I remember is:

access lists:

You say that you don't want it, but you don't have to put 500 rules!! Example:

Router(config)#access-list 10 deny vlan4 (source net) vlan3 (destination net) out

This list can be bound to the interface where vlan3 is.

If you want this solution, write a bit more info, so I can create the ACLs...

4 REPLIES
New Member

Re: VLANs

Thanks! I have never used acls, so I didn't know exactly how they work. But I will read more about it.

Bronze

Re: VLANs

I assume you're using a trunk interface on the router, one subinterface per VLAN, and that each VLAN is a different subnet. You can easily block at the subnet level rather than by individual IPs in this case. For example, you could apply an outbound ACL on the VLAN3 subinterface which blocks traffic to VLAN4's subnet, and permits everything else.

VLAN3: 10.0.1.0/24

VLAN4: 10.0.2.0/24

access-list 101 deny ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255

access-list 101 permit ip any any
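
An added example (not code from the thread) that evaluates ACL 101 from the reply above against constructed sample flows, to show which subinterface and direction its deny line matches. The VLAN2 subnet 10.0.0.0/24 and the host addresses are assumptions; the model covers only source/destination matching, first-match order and the implicit deny.

```python
import ipaddress

# ACL 101 as posted: (action, source net, source wildcard, dest net, dest wildcard)
ACL_101 = [
    ("deny",   "10.0.1.0", "0.0.0.255",       "10.0.2.0", "0.0.0.255"),
    ("permit", "0.0.0.0",  "255.255.255.255", "0.0.0.0",  "255.255.255.255"),  # any any
]

def wildcard_match(addr, net, wildcard):
    """IOS wildcard masks are inverted: a 0 bit must match, a 1 bit is ignored."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)

def evaluate(acl, src, dst):
    """Return the action of the first matching entry; every ACL ends in an implicit deny."""
    for action, s_net, s_wc, d_net, d_wc in acl:
        if wildcard_match(src, s_net, s_wc) and wildcard_match(dst, d_net, d_wc):
            return action
    return "deny"

# Constructed sample hosts. VLAN2's subnet is not given in the thread; 10.0.0.0/24 is assumed.
SERVER, CLIENT3, CLIENT4 = "10.0.0.10", "10.0.1.25", "10.0.2.77"
FLOWS = [(CLIENT3, CLIENT4), (CLIENT4, CLIENT3), (CLIENT3, SERVER),
         (SERVER, CLIENT3), (CLIENT4, SERVER), (SERVER, CLIENT4)]

def seen_by(vlan_subnet, direction, flows):
    """Flows an ACL on that VLAN's subinterface inspects: 'in' = sourced from the
    VLAN's subnet (entering the router), 'out' = destined to it (leaving the router)."""
    net = ipaddress.ip_network(vlan_subnet)
    idx = 0 if direction == "in" else 1
    return [f for f in flows if ipaddress.ip_address(f[idx]) in net]

def verdicts(vlan_subnet, direction):
    """Map each inspected (src, dst) flow to the action ACL 101 gives it."""
    return {f: evaluate(ACL_101, *f) for f in seen_by(vlan_subnet, direction, FLOWS)}

if __name__ == "__main__":
    for subnet, direction in [("10.0.1.0/24", "in"), ("10.0.1.0/24", "out"),
                              ("10.0.2.0/24", "out")]:
        print(f"ACL 101 on the {subnet} subinterface, direction {direction}:")
        for (src, dst), action in verdicts(subnet, direction).items():
            print(f"  {src:>10} -> {dst:<10} {action}")
```

With these flows, the deny line matches only packets sourced from 10.0.1.0/24 and destined to 10.0.2.0/24, which is what an inbound ACL on the VLAN3 subinterface or an outbound ACL on the VLAN4 subinterface inspects.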
