12-21-2014 04:31 AM - edited 03-07-2019 09:58 PM
Hi All,
I have a conceptual question on VLANs please.
Assume I have in my company 2 departments (Finance and HR), all computers attached to the same L2 switch but separated by 2 different VLANs (V100 and V200).
On a different network I have 2 servers (the HR server which is @ 192.168.10.10 and the Finance server which is @ 192.168.10.20).
All traffic from the Finance and HR departments towards 192.168.10.X passes through a Cisco router that is connected to all networks with different legs.
Now, what should I do (on the router) in order to prevent HR computers from accessing the Finance server (and vice versa)?
1. Should I apply IP ACLs on the router? If so, then how do the VLANs help me here (if using IP ACLs)?
2. Is there a different way to achieve my goal please?
TIA
Shai
12-21-2014 08:29 AM
Hi
VLANs are only effective at layer 2, and the router operates at layer 3. So the VLANs are there to separate the traffic at layer 2, but you need to apply ACLs on the router to still keep the traffic separated at layer 3.
12-21-2014 06:21 AM
Correct, you need to create an ACL on the router and apply it to the respective sub interface.
Martin
12-21-2014 06:39 AM
Well, then how do the VLANs come in handy if IP ACLs are needed here?
What benefits do the VLANs provide me with please?
12-21-2014 08:27 AM
A VLAN is a broadcast domain, you use them to create logical networks. To communicate between them you need to route.
By default all networks will be reachable, hence why you need an ACL to restrict access.
Martin
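To make the two answers above concrete (ACL on the respective subinterface; every network reachable by default until an ACL restricts it), here is an added example of a router-on-a-stick configuration. It is not from the thread or from any poster; the server addresses 192.168.10.10 and 192.168.10.20 come from the question, while the VLAN subnets (192.168.100.0/24 for HR on VLAN 100, 192.168.200.0/24 for Finance on VLAN 200), the ACL names and the interface names are assumptions for illustration.

```cisco
! Assumed addressing (not stated in the thread):
!   VLAN 100 = HR,      192.168.100.0/24, gateway 192.168.100.1
!   VLAN 200 = Finance, 192.168.200.0/24, gateway 192.168.200.1
! Server addresses are from the question:
!   HR server 192.168.10.10, Finance server 192.168.10.20
!
! Extended ACL for the HR VLAN: HR hosts may reach their own server,
! are denied the Finance server and the Finance VLAN, and may reach
! everything else. Entries are evaluated top-down, first match wins,
! and an unmatched packet hits the implicit deny at the end.
ip access-list extended HR-IN
 permit ip 192.168.100.0 0.0.0.255 host 192.168.10.10
 deny   ip 192.168.100.0 0.0.0.255 host 192.168.10.20
 deny   ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
 permit ip any any
!
! Mirror image for the Finance VLAN.
ip access-list extended FIN-IN
 permit ip 192.168.200.0 0.0.0.255 host 192.168.10.20
 deny   ip 192.168.200.0 0.0.0.255 host 192.168.10.10
 deny   ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255
 permit ip any any
!
! The 802.1Q trunk from the L2 switch lands on one physical interface
! (assumed name). Each VLAN becomes a subinterface; the ACL is applied
! inbound there, so packets are filtered as they enter the router from
! their own VLAN, before any routing decision is made.
interface GigabitEthernet0/0
 no ip address
 no shutdown
!
interface GigabitEthernet0/0.100
 description HR VLAN
 encapsulation dot1Q 100
 ip address 192.168.100.1 255.255.255.0
 ip access-group HR-IN in
!
interface GigabitEthernet0/0.200
 description Finance VLAN
 encapsulation dot1Q 200
 ip address 192.168.200.1 255.255.255.0
 ip access-group FIN-IN in
!
! Server network on its own router leg (assumed interface name).
interface GigabitEthernet0/1
 description Server network
 ip address 192.168.10.1 255.255.255.0
 no shutdown
```

This also answers the "what do the VLANs buy me" question: if HR and Finance hosts shared one VLAN and subnet, they would exchange frames directly through the switch and the router, and therefore the ACL, would never see that traffic. Placing them in separate VLANs forces every HR-to-Finance packet to cross the router, which is the only point where the layer-3 policy can be enforced. To confirm the policy is in effect, `show ip interface GigabitEthernet0/0.100` shows which ACL is applied inbound, and `show ip access-lists HR-IN` shows per-entry match counters, so a test connection from an HR host to 192.168.10.20 should increment the corresponding deny line.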
12-21-2014 07:01 PM
I thought layer 2 switches mean plug n play and only layer 3 switches are managed switches?
12-21-2014 09:12 PM
Nope. A layer 2 switch is a switch that only forwards based on the layer 2 address (MAC address), and a layer 3 switch can also forward based on the layer 3 address (IP address).
12-21-2014 09:27 PM
Thanks! I've learnt something.
12-21-2014 03:37 PM
Hello
I am assuming the router/L3 switch is doing the inter-VLAN routing for these VLANs, so you are correct, a RACL would be applicable?
Can you post the config for this device to confirm your existing configuration
res
Paul