Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

some ports needs to acess 2 vlans

hi all,

i am having one scenario

i need to create 3 vlans like

vlan1-- sales

vlan2 --- tech

vlan3-- manager

what i need is sales and tech are need to access their own vlan but manager need to access all vlans

and gateway is single.

3 REPLIES
Hall of Fame Super Silver

Re: some ports needs to acess 2 vlans

Hello Cyril,

this can be done: the gateway provides inter-vlan routing.

To introduce connectivity limitations you need to deploy the appropriate ACLs.

vlan 1         -----> 10.10.10.0/24

vlan 2        ------> 10.10.20.0/24

vlan 3       ------> 10.10.30.0/24

access-list 101 permit ip 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255

access-list 102 permit ip 10.10.20.0 0.0.0.255 10.10.30.0 0.0.0.255

int vlan 1

ip access-group 101 in

int vlan 2

ip access-group 102 in

note:

if you want to provide internet access you need modified ACLs like

access-list 111 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255

access-list 111 permit ip 10.10.10.0 0.0.0.255 any

access-list 112 deny ip 10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255

access-list 112 permit ip 10.10.20.0 0.0.0.255 any

to be applied in place of the previuos ones

Hope to help

Giuseppe

New Member

Re: some ports needs to acess 2 vlans

hi,

i can use same method in layer 3 switch also

Hall of Fame Super Silver

Re: some ports needs to acess 2 vlans

Hello Cyril,

yes, actually I've provided example commands for a Cisco multilayer switch

the vlan x is the L3 interface associated to Vlan x (L2 broadcast domain) and they are called SVI switchted virtual interface

Hope to help

Giuseppe

188
Views
0
Helpful
3
Replies
CreatePlease to create content