Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1801
Views
0
Helpful
4
Replies

Separating networks

Go to solution
beverhart
Level 1
Level 1

‎10-04-2021 10:13 AM

Hi, im working on a simulated project that has a building with 5 floors and 5 different departments. All departments must not be able to access each others networks. All departments share floors and access switches with other departments. I have uploaded an image of the drawing I have setup so far. I have it in packet tracer and have everything talking and everything seperated in respective vlans and subnets. But the problem is that everything can talk to everything because of routing. What would be the best way to separate everyone? ACLs? Im pretty new at this so any help would be appreciated

 

Regards

 

 

Labels:
Preview file
54 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-04-2021 10:24 AM

You do VLAN ACL or ACL to stop comminication between the VLAN IP address.

 

 

access-list 100 deny ip 128.38.10.0 0.0.0.255 128.38.20.0 0.0.0.255

access-list 100 deny ip 128.38.10.0 0.0.0.255 128.38.30.0 0.0.0.255

access-list 100 deny ip 128.38.10.0 0.0.0.255 128.38.40.0 0.0.0.255

access-list 100 deny ip 128.38.10.0 0.0.0.255 128.38.50.0 0.0.0.255

access-list 100 deny ip 128.38.10.0 0.0.0.255 x.x.x.x 0.0.0.255
access-list 100  permit ip any any

 

Interface vlan 10
ip access-group 100 in

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-04-2021 10:24 AM

You do VLAN ACL or ACL to stop comminication between the VLAN IP address.

 

 

access-list 100 deny ip 128.38.10.0 0.0.0.255 128.38.20.0 0.0.0.255

access-list 100 deny ip 128.38.10.0 0.0.0.255 128.38.30.0 0.0.0.255

access-list 100 deny ip 128.38.10.0 0.0.0.255 128.38.40.0 0.0.0.255

access-list 100 deny ip 128.38.10.0 0.0.0.255 128.38.50.0 0.0.0.255

access-list 100 deny ip 128.38.10.0 0.0.0.255 x.x.x.x 0.0.0.255
access-list 100  permit ip any any

 

Interface vlan 10
ip access-group 100 in

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
beverhart
Level 1
Level 1
In response to balaji.bandi

‎10-04-2021 11:16 AM

Thank you very much!!

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎10-04-2021 11:24 AM

Hello,

 

private Vlans would be an option. Packet Tracer does not support VACLs or private Vlans, so that is not really a good tool for testing. What physical hardware does your network consist of ?

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎10-05-2021 08:45 AM

Another option, for your L3 routing, is using VRF (sort of the L3 version of VLANs).

0 Helpful
Customers Also Viewed These Support Documents