Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
668
Views
0
Helpful
4
Replies

Cisco Routing

Go to solution
rathish4rock1
Level 1
Level 1

‎01-26-2018 09:06 AM - edited ‎03-08-2019 01:34 PM

Hi Friends, i need ur help, i m a beginer pls help me. i have 5 vlans in my L3 cisco switch and i enable i routing also. but i want to deny particular 2 vlans to deny the internet. 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎01-28-2018 04:15 AM

Hi,

You have many options:

1. Don't allow on NAT ACL on your router to those two VLANs.

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html

 

2. Configure Dany ACL on Router LAN interface with those two VLAN subnets.

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html

 

3. Configure VLAN-ACL (VACL) on the switch to stop subnet to communicating with VLAN which is configured between the router and your switch.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/vlan_acls.html

 

Regards,

Deepak Kumar

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Georg Pauwen
VIP
VIP

‎01-26-2018 09:15 AM

Hello,

 

it depends how your NAT is configured. You can either exclude the VLANs from being translated, or you can apply an access list on the VLAN iinterfaces that denies all traffic to public IP addresses.

 

0 Helpful

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎01-28-2018 04:15 AM

Hi,

You have many options:

1. Don't allow on NAT ACL on your router to those two VLANs.

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html

 

2. Configure Dany ACL on Router LAN interface with those two VLAN subnets.

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html

 

3. Configure VLAN-ACL (VACL) on the switch to stop subnet to communicating with VLAN which is configured between the router and your switch.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/vlan_acls.html

 

Regards,

Deepak Kumar

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Go to solution
rathish4rock1
Level 1
Level 1
In response to Deepak Kumar

‎01-28-2018 04:23 AM

 
0 Helpful

Go to solution
rathish4rock1
Level 1
Level 1

‎01-28-2018 04:24 AM

Thanks for ur guiding. It's very helpful to me. I ll try this.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card