Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
801
Views
0
Helpful
4
Replies

Can ping devices on another VLAN

GertTimmerman
Level 1
Level 1

‎03-24-2016 02:09 AM

I have searched on the internet but i can't get it work properly. I have a Cisco SF200E 48P switch which i connect to Ubiquiti EdgeRouter X. I want to have 10 VLAN's which may not communicate with each other but share the same internet connection.

On the EdgeRouterX i configured the VLAN's and the DHCP servers of each VLAN. On the SF200E 48P switch i have configured also the VLAN's and i have connected de EdgeRouterX en the SF200E via the G1 Port. 

I have configured the G1 Port:

  • Interface VLAN Mode: Trunk
  • Native VLAN: Default VLAN (is 1)
  • Member of each VLAN (Tagged)

For each VLAN i have configured the interfaces:

  • Interface VLAN Mode: Access
  • Access VLAN: e.g. 10, 20, 30, etc.
  • VLAN Priority: 0
  • Member or the right VLAN (Untagged)

With these settings i get an IP in the DHCP range of the right VLAN, so that is correct. But i can ping devices on another VLAN and i want to have seperate LAN's which doesn't may communicate with each other.

What i have to do or what i am doing wrong?

Labels:
0 Helpful
4 Replies 4

Mark Malone
VIP Alumni
VIP Alumni

‎03-24-2016 02:38 AM

Hi

you would need to apply access-lists to prevent vlans from speaking to each other at ip layer between them.

Basically block 1 subnet from speaking to another subnet but allowed to speak to anything else

see section defining ipv4 acls

http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

0 Helpful

GertTimmerman
Level 1
Level 1
In response to Mark Malone

‎03-24-2016 08:57 AM

Okey, but unfortunately the 200 series don't have that possibility, i cant find it in the admin interface.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to GertTimmerman

‎03-24-2016 12:42 PM

The Layer 3 interface/gateway for each subnet is on your EdgeRouterX.

Preventing traffic from flowing from one subnet to another would have to be done there (if it supports that feature - a $49 router might not).

I recommend you check their forums or support staff for an answer.

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to Marvin Rhoads

‎03-25-2016 01:29 AM

Yes as Marvin states needs to be done under the vlan interfaces on your layer 3 router not the cisco as its layer 2 and not doing the intervlan routing

0 Helpful
Customers Also Viewed These Support Documents