01-24-2023 01:03 PM
Good morning dear community, I have a problem for which you may have an answer.
It turns out that I have a topology like this, my problem is: I want the existing vlans to get IP addresses through DHCP and that forces me to make sub interfaces, but when I do this configuration, the consequence is that different vlans have connection, I don't want them to connect to each other, but I want them to get DHCP from the router.
What is the solution to this problem?Topology
Solved! Go to Solution.
01-24-2023 02:05 PM
if you do not like to connect to each other you need to apply IP ACL on the interfaces each to block and rest allow.
example :
ip access-list extended myblock-list
deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 (example vlan 20 192.168.2.0 vlan 30 192.168.3.0)
....
permit IP any any
interface gig 1/1.10
ip access-group myblock-list in
01-24-2023 02:05 PM
if you do not like to connect to each other you need to apply IP ACL on the interfaces each to block and rest allow.
example :
ip access-list extended myblock-list
deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255 (example vlan 20 192.168.2.0 vlan 30 192.168.3.0)
....
permit IP any any
interface gig 1/1.10
ip access-group myblock-list in
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Navegue y encuentre contenido personalizado de la comunidad