VLANs

s.hellman
Level 1

I have a router with 3 VLANs: VLAN 2, 3 and 4.

The servers are on VLAN 2 and the clients are on VLAN 3 and 4. I want communication between VLAN 2 and 3 and communication between VLAN 2 and 4, but NO access between VLAN 3 and 4. There are approx. 500 clients each on VLAN 3 and 4, so manually configuring access lists is not an option. Can I block the traffic at layer 3?

4 Replies

bpotschien (accepted solution)
Level 1

Hello,

The only solution I remember is:

Access lists:

You say that you don't want them, but you don't have to write 500 rules! Example:

Router(config)#access-list 110 deny ip <vlan4 source net> <wildcard> <vlan3 destination net> <wildcard>
Router(config)#access-list 110 permit ip any any

This list can be bound on the interface where VLAN 3 is.

If you want this solution, write a few more details so I can create the ACLs...

Thanks! I have never used ACLs, so I didn't know exactly how they work. But I will read more about it.

tbaranski
Level 4

I assume you're using a trunk interface on the router, one subinterface per VLAN, and that each VLAN is a different subnet. You can easily block at the subnet level rather than by individual IPs in this case. For example, you could apply an outbound ACL on the VLAN3 subinterface which blocks traffic to VLAN4's subnet, and permits everything else.

VLAN3: 10.0.1.0/24

VLAN4: 10.0.2.0/24

access-list 101 deny ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255

access-list 101 permit ip any any
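Whether those two lines enforce the policy depends on which subinterface they are bound to and in which direction, and on the fact that IOS ACLs are stateless. The following Python model is an added example, not code from this thread or from Cisco: it parses ACL lines in the syntax used above, evaluates them the way IOS does (top-down, first match wins, implicit deny at the end, wildcard masks), and models the router's three subinterfaces so you can see which VLAN-to-VLAN flows a given binding drops before touching the router. The subinterface names (GigabitEthernet0/0.2 to .4), the VLAN 2 subnet 10.0.0.0/24, the mirrored ACL 102 and the sample host addresses are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

# Router model. Subinterface names and the VLAN 2 subnet are assumptions made for this
# example; the thread only gives VLAN 3 = 10.0.1.0/24 and VLAN 4 = 10.0.2.0/24.
SUBINTERFACES = {
    "GigabitEthernet0/0.2": ipaddress.ip_network("10.0.0.0/24"),  # VLAN 2, servers (assumed)
    "GigabitEthernet0/0.3": ipaddress.ip_network("10.0.1.0/24"),  # VLAN 3, clients
    "GigabitEthernet0/0.4": ipaddress.ip_network("10.0.2.0/24"),  # VLAN 4, clients
}


@dataclass(frozen=True)
class AclEntry:
    action: str   # "permit" or "deny"
    src: int      # network address as a 32-bit integer
    src_wc: int   # wildcard mask: 0 bits must match, 1 bits are "don't care"
    dst: int
    dst_wc: int

    def matches(self, src_ip: int, dst_ip: int) -> bool:
        # XOR exposes the differing bits; masking with the inverted wildcard keeps only
        # the bits that must match, so the result is 0 exactly when the address fits.
        return (((src_ip ^ self.src) & ~self.src_wc) == 0
                and ((dst_ip ^ self.dst) & ~self.dst_wc) == 0)


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _take_address(tokens):
    """Consume one IOS address spec: 'any', 'host A.B.C.D', or 'A.B.C.D WILDCARD'."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return _ip(tokens[1]), 0, tokens[2:]
    return _ip(tokens[0]), _ip(tokens[1]), tokens[2:]


def parse_acl(lines):
    """Parse 'access-list <100-199> <permit|deny> ip <src> <dst>' lines (the subset of
    extended-ACL syntax used in the thread). Order is kept: IOS evaluates top-down."""
    entries = []
    for line in lines:
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        if not 100 <= int(tokens[1]) <= 199:
            raise ValueError("only extended ACLs (100-199) can match on destination")
        src, src_wc, rest = _take_address(tokens[4:])
        dst, dst_wc, _ = _take_address(rest)
        entries.append(AclEntry(tokens[2], src, src_wc, dst, dst_wc))
    return entries


def evaluate(acl, src: str, dst: str) -> str:
    """First match decides; every IOS ACL ends with an implicit 'deny ip any any'."""
    s, d = _ip(src), _ip(dst)
    for entry in acl:
        if entry.matches(s, d):
            return entry.action
    return "deny"


def _subinterface_for(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in SUBINTERFACES.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is not on any modelled VLAN")


def forwarded(src: str, dst: str, bindings) -> bool:
    """Does one packet src -> dst cross the router? bindings maps (subinterface, 'in'|'out')
    to a parsed ACL: an inbound ACL is checked on the subinterface the packet arrives on,
    an outbound ACL on the one it leaves through. Directions with no ACL permit all."""
    checks = ((_subinterface_for(src), "in"), (_subinterface_for(dst), "out"))
    for key in checks:
        acl = bindings.get(key)
        if acl is not None and evaluate(acl, src, dst) == "deny":
            return False
    return True


def policy_report(bindings):
    """Map (source VLAN, destination VLAN) -> forwarded?, one constructed host per VLAN."""
    hosts = {2: "10.0.0.10", 3: "10.0.1.10", 4: "10.0.2.10"}
    return {(a, b): forwarded(hosts[a], hosts[b], bindings)
            for a in hosts for b in hosts if a != b}


# ACL 101 is the one from the reply above (blocks VLAN 3 -> VLAN 4); ACL 102 is its mirror.
ACL_101 = parse_acl([
    "access-list 101 deny ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255",
    "access-list 101 permit ip any any",
])
ACL_102 = parse_acl([
    "access-list 102 deny ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255",
    "access-list 102 permit ip any any",
])

# Bound inbound on the two client subinterfaces, the pair enforces the requested policy:
# VLAN 2 reaches 3 and 4, and no packet in either direction crosses between 3 and 4.
INBOUND_BOTH = {
    ("GigabitEthernet0/0.3", "in"): ACL_101,
    ("GigabitEthernet0/0.4", "in"): ACL_102,
}
```

The deny in ACL 101 names 10.0.1.0/24 as the source, so it matches packets entering the router from VLAN 3: bound inbound on the VLAN 3 subinterface (or outbound on the VLAN 4 one) it drops VLAN 3 to VLAN 4 traffic, whereas bound outbound on the VLAN 3 subinterface it only ever sees packets whose destination is 10.0.1.0/24 and never fires; `policy_report` makes that visible before anything is deployed. Because ACLs are stateless, blocking VLAN 3 -> VLAN 4 alone still lets unsolicited packets from VLAN 4 reach VLAN 3, which is why the mirrored ACL 102 on the VLAN 4 subinterface is included.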