Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

inter vlan configure in 3650 switch

how i can configure like this type of vlan communication...

vlan10 communicate only vlan20 ,vla30,vlan40,vlan50 but vlan 20,vlan30,vlan40,vlan 50 not communicate each other .

9 REPLIES
New Member

Re: inter vlan configure in 3650 switch

hi,

you can achieve this by configuring ACLs and applied that ACL's to the interface VLAN.

Thanks

New Member

Re: inter vlan configure in 3650 switch

hi sir,

already i had configure access list vlan10 access vlan20(ip),vlan30(ip).vlan40(ip) ,vlan50(ip)...but still it not working and also not access internet by indivisual vlan..

kindly help me how i can do this task

New Member

Re: inter vlan configure in 3650 switch

can you post me your configuration

New Member

Re: inter vlan configure in 3650 switch

interface FastEthernet0/10

switchport access vlan 10

switchport mode access

spanning-tree portfast

spanning-tree bpduguard enable

!

interface FastEthernet0/11

switchport access vlan 20

switchport mode access

spanning-tree portfast

spanning-tree bpduguard enable

!

interface FastEthernet0/12

switchport access vlan 20

switchport mode access

spanning-tree portfast

spanning-tree bpduguard enable

!

interface FastEthernet0/13

switchport access vlan 20

switchport mode access

spanning-tree portfast

spanning-tree bpduguard enable

interface Vlan10

ip address 192.168.10.1 255.255.255.0

!

interface Vlan20

ip address 192.168.20.1 255.255.255.0

!

interface Vlan30

description soc vlan

ip address 192.168.30.1 255.255.255.0

!

New Member

Re: inter vlan configure in 3650 switch

hi,

you have to apply access-list to the interface VLAN. you should to to global configuration mode then to interface vlan 10 then apply access list there e.g

Interface vlan 10

ip access-group

interface vlan 20

ip access-group

you have to apply to it to the SVI interface.

rate if helpful

Thanks

New Member

Re: inter vlan configure in 3650 switch

sir i am send ing the config plz check it

New Member

Re: inter vlan configure in 3650 switch

Your config is not correct, you may want to check a site like http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml.

Your entry on VLAN 10 (ip access-group 101 in) actually means that you allow all traffic from 192.168.10.0 to 192.168.10/20/30.0 into VLAN 10. Since this interface will never receive traffic from 192.168.10.0 since this is the subnet of VLAN 10, the statement has no effect.

You need a single entry on each VLAN interface except Vlan 10:

interface Vlan20/30/40/50

ip address 192.168.xx.1 255.255.255.0

ip access-group 101 out

access-list 101 permit ip any 192.168.10.0 0.0.0.255

This means only traffic to 192.168.10.0/24 can leave VLAN20. All other traffic is denied (implicit deny at the end of the ACL).

You do not need an ACL on VLAN 10 as VLAN can send and receive to all other VLANs.

HTH, Thomas

New Member

Re: inter vlan configure in 3650 switch

I think here, we can use the concept of Private vlans.. Vlan 10 interface ports should be Promiscous mode and all the other vlan ports should be isolated vlans

New Member

Re: inter vlan configure in 3650 switch

I agree that it is possible, but it would have the following consequences:

- all VLANs must be reconfigured: VLAN 10 as primary VLAN, and the other VLANs as secondary VLANs

- all hosts in the new Private VLAN configuration will share the same IP subnet

- all hosts in the new Private VLAN configuration will be able to communicate with each other at L3. Private VLANs only provide Layer 2 traffic separation.

We would need to understand in more details what is needed here to make a choice.

Regards, Thomas

2543
Views
0
Helpful
9
Replies
CreatePlease to create content