Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Inter VLAN routing and configuration.

I have a topology like this.Five L2 Switchs have the VLAN 1 and VLAN 2...Rquiremet is VLAN 1 and 2 shud be able to access the internet.

VLAN 1 shud Have access to all servers.

VLAN 2 Must have access to only Four servers (SQL,FTP,MAIL,HTTP) except E-Lab server.What could be the configuration in layer 3 switch and also the router 1841.please provide the complete configuration for this topology

  • WAN Routing and Switching
12 REPLIES
New Member

Re: Inter VLAN routing and configuration.

Hi,

Use extended access list denying traffic from vlan 2 subnet to the ip of E-Lab server and permitting all other traffic. Apply this to both the i/fs connecting to switches, in incoming direction.

This should not allow vlan 2 traffic to e-lab server. Traffic to all other destinations should be reachable.

ACL will not effact vlan 1. Both vlans will be able to send traffic to the router and access internet. Also, intervlan communication will take place via L3 switch. Both the vlans interface have to be created on L3 Switch,which will act as g/w for the L2 switches for the respective vlans.

Rgds,

Dhiren Shah

New Member

Re: Inter VLAN routing and configuration.

Can you please explain with command for this topology? Any example

Hall of Fame Super Blue

Re: Inter VLAN routing and configuration.

Hi

What vlan are the servers on ?

Where is the inter-vlan routing between vlan 1 & 2 done - is it on the 3560 switch or the 1841 router.

What are the IP address ranges for

vlan 1

vlan 2

server vlan (if different)

Jon

New Member

Re: Inter VLAN routing and configuration.

Hi,

Given below is the sample config.. Try and see if it works.

All the config is to be done on the L3 Switch.

Intervlan routing will take place on L3 switch.

vlan 1: 192.168.1.0 255.255.255.0

vlan 2: 192.168.2.0 255.255.255.0

E-lab server ip: 192.168.5.1 255.255.255.0

interface vlan 1

no shut

ip address 192.168.1.1 255.255.255.0

interface vlan 2

no shut

ip address 192.168.2.1 255.255.255.0

ACL cmd:

access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.5.1 0.0.0.0

access-list 101 permit any

On i/f (f.e. fa0/0, fa0/1):

conf t

int fa0/0

ip access-group 101 in

int fa0/1

ip access-group 101 in

New Member

Re: Inter VLAN routing and configuration.

Thanks I got it

int fa0/0

ip access-group 101 in

int fa0/1

ip access-group 101 in

The above shown Ethernet ports are connected to trunk port? Or it's connected to E-Lab server

New Member

Re: Inter VLAN routing and configuration.

Hi,

yes, they are trunk ports and not the port connecting to server.

__Dhiren

New Member

Re: Inter VLAN routing and configuration.

but what about NATing? where and how it will be implemented ?

In the above example the Access list has been implemeted on fa 0 and 1. I think these are L2 interfaces.. can we apply an IP ACL on a L 2 interface ?

New Member

Re: Inter VLAN routing and configuration.

Hi,

No, ACL cant be implemented on l2 ports.. But, can be implemented on vlan i/f. So, in the config suggested earlier, i/f vlan 2(the concerned vlan for which access to e-lab router is to be restricted) has to be applied with ACL.

New Member

Re: Inter VLAN routing and configuration.

and what about NATing? where and how it will be implemented ?

In case of 2 ISPs how it will be implemented to loadbalance the traffic b/w the two links

404
Views
0
Helpful
12
Replies
This widget could not be displayed.