Routing between VLANS in one direction

rubindj01
Level 1

Ok... so I'm not sure if I can do this, but I'd love some input if it's possible.

Network equipment -- RV120W, SF300-24

VLAN10 --> switch within VLAN, access internet -- preferably to just 3 addresses

VLAN20 --> switch within VLAN, Can initiate connection with VLAN10, VLAN30, access internet (I realize this is a security risk, but unavoidable)

VLAN30 --> switch within VLAN, Can access internet

VLAN40 --> Internet access only, cannot switch

I've got the trunking set up between the devices, and am assigning the VLANs easily enough; I'm just not sure how (or if it's possible) to create the routing tables / settings to accomplish this. I may not be able to accomplish this on an SF300, but some pointers would be appreciated -- even if I can only accomplish part of what would be the ideal.

2 Accepted Solutions


vvijaysa
Level 1

Hello Smith,

I suggest creating an access list (IPv4-based ACL) for your configuration (assuming that you are doing your inter-VLAN routing on the switch). If you are doing the inter-VLAN routing on the RV120W, you may have to create an access list on the router instead.

Refer to the article below for further details about ACLs on the SF300:

Configure IPv4-Based Access Lists on the 200/300 Series Managed Switches

Thanks,

Vijay

Please rate the answers.


Tom Watts
VIP Alumni

Hi DR. Vijay is correct in that the access list is the correct methodology. Please bear in mind that the access list works INGRESS ONLY. Meaning if you put the ACL on an uplink port, such as between the router and switch, it wouldn't discriminate the traffic originating from the switch, only originating from the router connection.

If all traffic is passing through the switch to get to the router then the ACL(s) should be applied to each ingress port (where the host is connecting to).

-Tom
Please mark answered for helpful posts
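
The ingress-only behaviour described in the answers above, modelled as an added example (not part of the original posts, and not SF300 configuration). The subnets, port names and the `new_conn_only` TCP-flag match are assumptions made for illustration, as is the implicit deny at the end of a bound ACL.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (not from the thread): VLAN n uses 192.168.n.0/24.
VLAN10 = ipaddress.ip_network("192.168.10.0/24")
VLAN20 = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    syn: bool = False   # TCP SYN flag
    ack: bool = False   # TCP ACK flag

@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    new_conn_only: bool = False  # assumed flag match: SYN set, ACK not set

    def matches(self, p: Packet) -> bool:
        if self.new_conn_only and not (p.syn and not p.ack):
            return False
        return (ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst)

def forward(port_acls: dict, ingress_port: str, p: Packet) -> bool:
    """Stateless, ingress-only check: only the ACL bound to the port the
    packet ENTERS on is consulted. A port with no ACL forwards everything;
    a bound ACL ends with an implicit deny (modelling assumption)."""
    acl = port_acls.get(ingress_port)
    if acl is None:
        return True
    for ace in acl:
        if ace.matches(p):
            return ace.action == "permit"
    return False

# Constructed traffic from a VLAN10 host: opening a session to VLAN20, and
# answering a session that a VLAN20 host opened.
V10_OPENS = Packet("192.168.10.5", "192.168.20.7", syn=True)
V10_REPLY = Packet("192.168.10.5", "192.168.20.7", syn=True, ack=True)
BLOCK_ALL = [Ace("deny", VLAN10, VLAN20), Ace("permit", ANY, ANY)]
BLOCK_NEW = [Ace("deny", VLAN10, VLAN20, new_conn_only=True), Ace("permit", ANY, ANY)]
ON_UPLINK = {"uplink": BLOCK_ALL}        # ACL on the router-facing port
ON_HOST_PORT = {"host_v10": BLOCK_ALL}   # ACL where the VLAN10 host plugs in
ONE_WAY = {"host_v10": BLOCK_NEW}        # same port, only new sessions denied
```

With `BLOCK_ALL` on the host port, the VLAN10 host's replies to VLAN20 are dropped too, so VLAN20-initiated sessions break; denying only new sessions keeps them working. The flag match applies to TCP only, since UDP and ICMP carry no equivalent field for a stateless ACL to test.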

