Solved: Re: limiting vlan access - Page 2

richard · ‎01-28-2011

Hello. I have three VLANS set up on my Catalyst 3560G switch. Each VLAN has its own subnet and I have enabled IP routing and set up my VLANS so that clients on VLANS 1 and 3 can get to VLAN 2 because they share a server located on VLAN 2. However, now they can also see and get to each others VLANS! Can anyone please suggest or provide a couple of examples on how I can allow my clients on VLANS 1 and 3 access a server on VLAN 2 but not access the other VLANS? I don't want VLAN 1 to get to VLAN 3 or VLAN 3 to get to VLAN 1. Thanks for any help.

Edison Ortiz · ‎02-02-2011

FW with address 192.168.8.250 must know how to reach the 192.168.9.0/24 segment.

The hosts on 192.168.8.0/24 segment can reach the server because their default gateway is pointing to the switch.

I'm sure the FW's default gateway is pointing to another gateway, if it is - you need to add a static route for 192.168.9.0/24 segment pointing to 192.168.8.200 as the gateway for that subnet.

Additionally, since you mentioned FW - make sure there aren't any filtering applied on it.

richard · ‎02-02-2011

So like this?

ip route 192.168.9.0 255.255.255.0 192.168.8.200

Edison Ortiz · ‎02-02-2011

That's the idea but the syntax may be different in your FW.