It is certainly possible to configure 4 VLANs on the 3560 and to have each of them route to the Internet. You could route them on the switch (with a routed link to the router and with a default route on the switch pointing to the router for Internet access) or you could turn off IP routing on the switch, configure the link from the switch to the router as a trunk, and have the routing done on the router. In this case traffic from each VLAN would go over the trunk to the router interface where the routing would be done.
The other part of your requirement (if I understand correctly) is that each VLAN should have access to the Internet but no access to any of othe other VLANs. You would accomplish this by configuring appropriate access lists. The access lists would be configured on whichever device was doing the routing for the VLANs (it could be the switch or it could be the router).
Do I need to create acl to stop communication among vlans in both the cases?
I configured routed port on switch.Turned on ip routing.created vlans and differnet acl to stop communication among vlans.
Would like to know if I create trunk port b/w switch and router and turn off the ip routing on the switch(switch will behave like L2).VLans should be on switch or router?
Here agian do I need to create acl as well to stop intervlan communication?
What will be config like in this case if it is on switch.
Here is one separate question based on best performance.
Suggest me which one is the best practice to have vlans.Should one have vlans on subinterfaces on router or on your switch.My vlan size can go more than 10 and also need to run dhcp per vlan.Where should I create vlan?
You can do the routing on either the switch or on the router. Where ever you do the routing you will need the access lists. The default in routing is to route traffic between the vlans. If you want to stop traffic between vlans (only allow traffic out to the Internet) then you need to configure access lists to restrict the traffic. This is true whether you are routing on the switch or routing on the router.
It is more common (and perhaps would be best practice) to route the vlans on the switch.
I do not understand your question about where to create the vlans. Your original question was about where to route for the vlans and I understand that. But I do not understand the question about where to create vlans. It seems obvious to me that vlans are created on the switch. Is there some aspect of your question that I am not understanding?
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...