01-09-2006 01:55 PM - edited 02-21-2020 12:37 AM
I'm new to this so please forgive my ignorance. My question: How can I set up two VLANs that maintain security between the two (VLAN1 cannot access VLAN2 and vice versa)? We have a Cisco 1721 router (ver 12.3) and an HP ProCurve 2524 switch. Do I have to configure both the switch and router for this, i.e. both router and switch have the same VLAN configuration? I would appreciate any config examples, help or advice you can give.
01-13-2006 05:48 PM
Hello,
Welcome to the forum. Now about your questions: if you want to separate VLANs, you do not need a router.
Two VLANs are separated in a switch and can only communicate with each other through a router.
Please refer to your HP documentation on how to set up two VLANs in an HP switch.
For a Cisco router you can set up two VLAN subinterfaces and control connectivity through access-lists.
In the example below VLAN 10 and 20 will not communicate but all other traffic is allowed:
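! Physical interface carries the 802.1Q trunk; it has no IP address of its own
interface FastEthernet0
 no ip address
!
! Set the dot1q encapsulation first; IOS only accepts an IP address on a
! subinterface once its VLAN encapsulation is configured
interface FastEthernet0.10
 description VLAN 10
 encapsulation dot1q 10
 ip address 10.1.1.1 255.255.255.0
 ip access-group 110 in
!
interface FastEthernet0.20
 description VLAN 20
 encapsulation dot1q 20
 ip address 10.2.2.1 255.255.255.0
 ip access-group 120 in
!
! Block VLAN 10 -> VLAN 20, permit everything else sourced from VLAN 10
access-list 110 deny ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 110 permit ip 10.1.1.0 0.0.0.255 any
! Block VLAN 20 -> VLAN 10, permit everything else sourced from VLAN 20
access-list 120 deny ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 120 permit ip 10.2.2.0 0.0.0.255 any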
Hope this helps! Please rate all posts.
Regards, Martin
01-13-2006 08:50 PM
Thanks for the help! I appreciate it!