Stop Routing Between VLANS but still allow access to Internet

steven_alilovic · ‎02-21-2002

I have to setup 32 Vlan, which will represent 32 seperate offices. I wish to allow each of the VLANs to access the internet and VLAN 1, but not to access the other client VLANs.

Does any know if this is possible?

Thanks in Advance

hua.wei · ‎02-21-2002

Yes, apply ACL to RSM.

steven_alilovic · ‎02-21-2002

Sorry I should have explained this better,

it is going to be an external 2651 w/ daul 10/100 ports and 2 x Cisco 2950T 24 x 10/100 2x 10/100/100

Would I have to apply access list to each virtual interface?

hua.wei · ‎02-21-2002

Yes. You have to enable ip routing for other VLAN to access VLAN 1 and Internet, and ACL must be used to block traffc between those VLANs.

For example, if you use following address scheme:

VLAN1: 192.168.1.0 /24

VLAN2: 192.168.2.0 /24

...

VLAN32: 192.168.31.0 /24

Configuration of the router:

interface f0/1.2

encapsulation dot1q 2

ip address 192.168.2.254 255.255.255.0

ip access-group 101 in

interface f0/1.2

encapsulation dot1q 3

ip address 192.168.3.254 255.255.255.0

ip access-group 101 in

access-list 101 permit ip any 192.168.1.0 0.0.0.255 ;allow VLAN 1 access

access-list 101 deny ip any 192.168.0.0 0.0.31.255 ; deny traffic to other VLANs

access-list 101 permit ip any any ; allow Internet access

steven_alilovic · ‎02-21-2002

Thank you very much