How do we restrict a router's interfaces from being directly connected to some VLANs? Can anyone help me figure it out?
the question is
If I understand correctly, you are looking to block communication between VLANs with an ACL?
Snippet from notes:
!
! extended (source + destination) numbered ACLs use the range 100-199
access-list 130 deny ip source/mask destination/mask
access-list 130 permit ip any any
!
access-list 140 deny ip source/mask destination/mask
access-list 140 permit ip any any
!
int vlan 30
 ip access-group 140 in
!
int vlan 40
 ip access-group 130 in
!
So what I am looking for is: R2 should not have interfaces directly connected to Finance and Sales. How can we configure that?
There are a couple of options.
1. You can use VRFs so that they do not interact with each other (that is complicated for a small kind of setup).
2. Terminate them on different segments with a FW in place (this is an additional administration task to manage the FW).
3. The option I have given above is a simple ACL, which gives you the ability to keep both departments, Finance and Sales, from communicating with each other at all.
In your case it is VLAN 10 and VLAN 20, so change the ACL as per the requirement.