Solved: You would need acls on the

wilson419 · ‎06-22-2017

Hi all,

New to Cisco but have setup 2 x 2960 switches with 2 VLANs on each (vlan 10 with ports 0 - 4 on and vlan 20 with ports 6 - 10 on) and have set a trunk between the 2 switches and so devices on one switch in vlan 10 can ping the devices on the other switch in vlan 10 and the same with the devices on vlan 20 but they can't ping each other which is great but we need to let them connect to a router (into gigabit Ethernet 0/1 on the switch in vlan1) but I cannot seem to get this going ? I have setup sub interfaces on the router and tagged them to the vlans but what else do I need to do to allow them to access the internet but still not each other ?

Thanks in advance

Jon Marshall · ‎06-22-2017

You would need acls on the router interfaces to block traffic between the subnets and allow any other ie. internet and then you would need to setup NAT for the internet assuming the router is using a public IP on it's internet facing interface.

Are you okay doing that or do you need help ?

If you need help can you post the router configuration and with any public IPs just use "x" for the middle two octets.

Jon

View solution in original post

Jon Marshall · ‎06-22-2017

You would need acls on the router interfaces to block traffic between the subnets and allow any other ie. internet and then you would need to setup NAT for the internet assuming the router is using a public IP on it's internet facing interface.

Are you okay doing that or do you need help ?

If you need help can you post the router configuration and with any public IPs just use "x" for the middle two octets.

Jon

Allow VLANs to access gateway/internet