
Restricting router from connecting with some vlans

arontig
Level 1

How do we restrict a router's interfaces from being directly connected to some VLANs? Can anyone help me figure it out?

The question is:

  • Router should not have interfaces directly connected to VLAN 30 and VLAN 40

balaji.bandi
Hall of Fame

If I understand correctly, you are looking to block communication between VLANs with an ACL?

Snippet from notes:

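!
! Extended ACL numbers (100-199) are required to match on source and destination;
! standard ACLs (1-99) match on source address only.
access-list 130 deny ip source/mask destination/mask
access-list 130 permit ip any any
!
access-list 140 deny ip source/mask destination/mask
access-list 140 permit ip any any
!
! Apply the ACLs inbound on the VLAN interfaces
int vlan 30
  ip access-group 140 in
!
int vlan 40
  ip access-group 130 in
!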

 

BB


Joseph W. Doherty
Hall of Fame
Unclear what you're asking, as normally, if we're talking about an "external" router, you need to, physically and/or logically, connect the router (somehow) to the VLANs (often via a trunk between a router and L2 switch). You just don't "connect" the VLANs you want to exclude. If your "router" is a L3 switch, you might have VLANs defined on the switch but without SVIs. As already noted by Balaji, you can selectively block, or block all, traffic to and/or from those VLANs using ACLs. In this case, the VLANs are "connected" but traffic cannot move between them. Lastly, some devices support various forms of virtual L3. For those, something like VLANs 30 and 40 might be logically partitioned from all your other VLANs.

arontig
Level 1
Sorry for making it a little bit unclear, I have the topology like below

VLAN Table

VLAN   VLAN Name
10     Finance
20     Sales
30     HR
40     IT
99     Blackhole


So what I am looking for is: R2 should not have interfaces directly connected to Finance and Sales. How can we configure that?

balaji.bandi
Hall of Fame

 

so what I am looking for is, R2 should not have interfaces directly connected to Finance and Sales. How can we configure that?????

 

There are a couple of options.

1. You can make VRFs so that they do not interact with each other (that is complicated for a small kind of setup).

2. Terminate them on different segments with a FW in place (this is an additional administration task to manage the FW).

3. The option I have given above is a simple ACL, which gives you the ability to ensure that both departments, Finance and Sales, do not communicate with each other at all.

In your case it is VLAN 10 and VLAN 20, so change the ACL as per the requirement.

 

 

 

BB
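
To check the requirement raised in this thread (R2 has no interface directly connected to particular VLANs), the following added example, which is not code from any poster, audits a router configuration for active routed subinterfaces or SVIs in restricted VLANs. The sample configuration, interface names and addresses are constructed for illustration.

```python
import itertools
import re

# Constructed sample of a router running-config; not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 no ip address
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
!
interface GigabitEthernet0/0.99
 encapsulation dot1Q 99
 shutdown
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.30.254
"""

def l3_vlan_interfaces(config):
    """Map interface name -> VLAN id for every active, addressed VLAN interface."""
    found = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        raw = block.splitlines()
        if not raw or not raw[0].startswith("interface "):
            continue
        name = raw[0].split()[1]
        # Only indented lines belong to the interface; stop at "!" or a global command.
        body = [l.strip() for l in itertools.takewhile(lambda l: l.startswith(" "), raw[1:])]
        svi = re.fullmatch(r"[Vv]lan(\d+)", name)            # SVI, e.g. "interface Vlan20"
        vlan = int(svi.group(1)) if svi else None
        for line in body:
            tag = re.match(r"encapsulation dot1[Qq] (\d+)", line)  # routed subinterface
            if tag:
                vlan = int(tag.group(1))
        has_ip = any(l.startswith("ip address ") for l in body)
        if vlan is not None and has_ip and "shutdown" not in body:
            found[name] = vlan
    return found

def violations(config, restricted):
    """Return sorted (interface, vlan) pairs that sit directly in a restricted VLAN."""
    return sorted((n, v) for n, v in l3_vlan_interfaces(config).items() if v in restricted)
```

An empty result from `violations` means the router has no Layer 3 presence in the listed VLANs; an ACL on a connected interface, by contrast, leaves the interface in place and only filters traffic.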
