cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
916
Views
10
Helpful
4
Replies

access between vlans

suthomas1
Level 6
Level 6

Hello All,

My question is very naive. If i have a 6506 in which five SVIVvlans ( vlan 100 - vlan 500 ) are created.

Vlan 100 is printer, vlan 200 is financial vlan.

The route on this switch will point as default to a upstream firewall or router.

1. will vlan 100 and vlan 200 be able to talk to each other

2. will all vlan user be able to use print vlan 100 for printing

main purpose is not to have all vlans talk to each other, at the same time vlan 100 should be able to be used by all users.

Thanks in advance.

1 Accepted Solution

Accepted Solutions

Hi,

they can't talk to eah other if there is no L3 routing.But on the 6500 L3 switching is enabled by default contrary to lower platforms like 35xx where you have to configure ip routing.

Regards.

Alain.

Don't forget to rate helpful posts.

View solution in original post

4 Replies 4

cadet alain
VIP Alumni
VIP Alumni

Hi,

if all SVIs are up/up then yes they all will be able to talk to each other and if you don't want to then you can use ACLs or private vlans.

Regards.

Alain.

Don't forget to rate helpful posts.

Is that the case, i understood that different vlans will not talk to each other

thanks.

Hi,

they can't talk to eah other if there is no L3 routing.But on the 6500 L3 switching is enabled by default contrary to lower platforms like 35xx where you have to configure ip routing.

Regards.

Alain.

Don't forget to rate helpful posts.

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

By default, all vlans will communicate with each other.  If you do not want the vlans to talk to each other, then you can deploy something like this example and apply it to these vlans.  In this case vlan 200 will not communicate with vlan 210.

vlan 200 = 192.168.200.0/24

vlan 210= 192.168.210.0/24

access-list 111 deny ip 192.168.200.0 0.0.0.255 192.168.210.0 0.0.0.255

access-list 111 permit ip 192.168.200.0 0.0.0.255 any

access-list 112 deny ip 192.168.210.0 0.0.0.255 192.168.200.0 0.0.0.255

access-list 112 permit ip 192.168.210.0 0.0.0.255 any

int vlan 200

ip access-group 111 in

int vlan 210

ip access-group 112 in

HTH