VLAN setup

dbrunsting · ‎01-09-2006

I'm new to this so please forgive my ignorance. My question: How can I set up two VLANs that maintain security between the two (VLAN1 cannot access VLAN2 and vice versa). We have a Cisco 1721 router (ver 12.3) and a HP Procurve 2524 switch. Do I have to configure both the switch and router for this, i.e. both router and switch have the same VLAN configuration? I would appreciate any config examples, help or advice you can give.

mheusinger · ‎01-13-2006

Hello,

welcome to the forum. Now about your questions: if you want to separate VLANs you do not need a router.

two VLANs are separated in a switch and can only communicate with each other through a router.

Please refer to your HP documentation on how to setup two VLANs in a HP switch.

For a Cisco router you can setup two VLAN subinterfaces and control connectivity through access-lists.

In the example below VLAN 10 and 20 will not communicate but all other traffic is allowed.

interface FastEthernet0

no ip address

interface FastEthernet0.10

description VLAN 10

ip address 10.1.1.1 255.255.255.0

encapsulation dot1q 10

ip access-group 110 in

interface FastEthernet0.20

description VLAN 20

ip address 10.2.2.1 255.255.255.0

encapsulation dot1q 20

ip access-group 120 in

access-list 110 deny ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

access-list 110 permit ip 10.1.1.0 0.0.0.255 any

access-list 120 deny ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 120 permit ip 10.2.2.0 0.0.0.255 any

Hope this helps! Please rate all posts.

Regards, Martin

dbrunsting · ‎01-13-2006

Thanks for the help! I appreciate it!