Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2073
Views
5
Helpful
2
Replies

Block Inter vlan routing

jthombs1016
Level 1
Level 1

‎09-23-2016 09:28 AM - edited ‎03-08-2019 07:33 AM

I have  2  Layer 2 wireless VLans  90 (users)  and 98 (WAP management which terminate on ASA firewall
These vlan  are present on all switches and on the core switch via trunk ports.
I would like to block these VLANs  from accessing  other VLAN accept the  Internet VLAN 101.
I am using a cisco 6509  switch. What is the best way to do this.
10.90.1.x/24 Users
10.98.1.x24 WAP management

Internet  10.1.1.0/x

Thanks

Labels:
0 Helpful
2 Replies 2

rasmus.elmholt
Level 7
Level 7

‎09-23-2016 11:34 AM

Both VLANs, are they terminated at the ASA? Layer 2 wise? Then they should be seperated, and you need to set up rules on the ASA to allow them access to internet and other VLANs.

Of your VLANs terminate at the 6500 then you need some kind of VRFs to seperate the routing.

0 Helpful

Alipio.Gobaton
Level 1
Level 1

‎09-24-2016 08:12 PM

Is your gateway for VLAN 90 and VLAN 98 pointed to the Core switch (6500)? If so, you can configure a VACL that only permits to Internet 10.1.1.0/x and denies any other VLAN.

#ip access-list extended INTERNET

permit ip 10.1.1.0 <wildcard mask> any

#vlan access-map my_map 10

match ip address INTERNET

action forward

#vlan filter my_map vlan list 90,98

With the configuration above, you can only access to the INTERNET for vlan 90 and 98.

Please rate the post...ty

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card