Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
7
Replies

Inter vlan routing

udayashankarsg
Level 1
Level 1

‎04-16-2007 05:43 AM - edited ‎03-03-2019 04:33 PM

Hi,

I'm using 6509 switch and created nearly 20 vlan's but all the vlan's are able to access each other. How do i block this without using access-list ?

Please help me is there any other option.Please find the show version of my switch.

Cisco Internetwork Operating System Software

IOS (tm) s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(18)SXF3, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by cisco Systems, Inc.

Compiled Tue 14-Feb-06 18:08 by kehsiao

Image text-base: 0x40101040, data-base: 0x42DA0000

ROM: System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)

BOOTLDR: s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(18)SXF3, RELEASE SOFTWARE (fc1)

Campus-core-sw1 uptime is 40 weeks, 1 day, 1 hour, 5 minutes

Time since Campus-core-sw1 switched to active is 40 weeks, 1 day, 1 hour, 4 minutes

System returned to ROM by power cycle (SP by power on)

System restarted at 18:01:00 IST Sun Jul 9 2006

System image file is "disk0:s72033-ipservicesk9_wan-mz.122-18.SXF3.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

cisco WS-C6509-E (R7000) processor (revision 1.2) with 458720K/65536K bytes of memory.

Processor board ID SMC1008007R

SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache

Last reset from power-on

SuperLAT software (copyright 1990 by Meridian Technology Corp).

X.25 software, Version 3.0.0.

Bridging software.

TN3270 Emulation software.

49 Virtual Ethernet/IEEE 802.3 interfaces

96 FastEthernet/IEEE 802.3 interfaces

36 Gigabit Ethernet/IEEE 802.3 interfaces

1917K bytes of non-volatile configuration memory.

8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).

Configuration register is 0x2102

Labels:
0 Helpful
7 Replies 7

minumathur
Level 1
Level 1

‎04-16-2007 06:04 AM

Hi

disable ip routing on switch and disable rip/ospf etc on switch, configure switch as L2 Vlan

I hope this will help you out, please rate this post.

-Minu

0 Helpful

yoguz
Level 1
Level 1

‎04-16-2007 06:06 AM

Hi,

6500 is a multilayer switch and routing is enabled by default. You can use VLAN ACL's to restrict routing between vlans.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a7e.html

0 Helpful

udayashankarsg
Level 1
Level 1
In response to yoguz

‎04-16-2007 07:20 AM

Hi,

These vlan's are advertised in WAN. Will there be any effect in WAN advertisement.Please find the vlan configuration and help me how can i disable ip routing.

description " vlan37 @ Campus "

ip address 172.25.37.2 255.255.255.0

no ip redirects

ip route-cache flow

0 Helpful

yoguz
Level 1
Level 1
In response to udayashankarsg

‎04-16-2007 07:29 AM

you have to use VLAN ACL's.

0 Helpful

Francis Garcia
Level 1
Level 1

‎04-13-2011 05:09 PM

Hi,

You can implement vrf-lite, in such way that no vlan can comunicate with each other, this is a great method and the traffic is totally isolated without needing vlan acl's or IP acls.

The configuration looks like this,

ip vrf vlan3

rd 1:3

ip vrf vlan4

rd 1:4

interface vlan 3

ip vrf forwarding vlan3

ip address x.x.x.x

interface vlan 4

ip vrf forwading vlan4

ip address x.x.x.x

This is the method that I use for isolating the voice vlan traffic from other vlans and It really looks more elegant.

Regard,

Francis

0 Helpful

Not applicable

‎04-13-2011 05:49 PM

Hi,

Since you stated How do i block this without using access-list ?

You would have to use Private VLANs, the major downside to this is the switch must be in transparent mode.

See; http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml

0 Helpful

Not applicable
In response to

‎04-13-2011 05:54 PM

If you want a base config let me know. I will say looking at the config will not make much sense unless you read the Cisco doc, so I recommend reading it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card