Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1587
Views
5
Helpful
2
Replies

communication between VLANs

Go to solution
Dopamine
Level 1
Level 1

‎10-31-2021 01:55 AM

Hello, I have a question! 

 

I have one switch 2960 and one router. 

in switch, I have 3 VLANs. VLAN 2, 3, and 4.

I want VLAN 2 to connect to VLAN 3 and  VLAN 4, but VLAN 3 and 4 can not connect to VLAN 2. 

Do I have to use the Access List? How do I write that Access List? 

 

Thanks.

 

problem.png

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎10-31-2021 02:26 AM - edited ‎10-31-2021 02:29 AM

Hello
You don’t say what type of traffic you would like vlan 2 to be allowed to access vlan 3-4, however based on tcp sessions this can be accomplished by routed acls so any tcp traffic initiated from vlan2 towards either vlan 3-4 , then the related return traffic will be allowed.
However, if any traffic was initiated from either vlan 3-4 twoards vlan 2 it will be denied, Lastly traffic between vlan 3-4 will be allowed.

 

switch or rtr
ip access-list exteneded Vl2to3-4
permit tcp 192.168.3.0 0.0.0.255 any established
deny tcp 192.168.3.0 0.0.0.255 any
permit tcp 192.168.4.0 0.0.0.255 any established
deny tcp 192.168.4.0 0.0.0.255 any
permit ip any any


switch
int vlan 2
ip access-group Vl2to3-4 out

or

RTR (if rtr is perfroming inter-vlan routing and NOT switch)
int x/x.2
encapuslation dot1q 2
description vlan2
ip access-group Vl2to3-4 out


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

2 Replies 2

Go to solution
paul driver
VIP
VIP

‎10-31-2021 02:26 AM - edited ‎10-31-2021 02:29 AM

Hello
You don’t say what type of traffic you would like vlan 2 to be allowed to access vlan 3-4, however based on tcp sessions this can be accomplished by routed acls so any tcp traffic initiated from vlan2 towards either vlan 3-4 , then the related return traffic will be allowed.
However, if any traffic was initiated from either vlan 3-4 twoards vlan 2 it will be denied, Lastly traffic between vlan 3-4 will be allowed.

 

switch or rtr
ip access-list exteneded Vl2to3-4
permit tcp 192.168.3.0 0.0.0.255 any established
deny tcp 192.168.3.0 0.0.0.255 any
permit tcp 192.168.4.0 0.0.0.255 any established
deny tcp 192.168.4.0 0.0.0.255 any
permit ip any any


switch
int vlan 2
ip access-group Vl2to3-4 out

or

RTR (if rtr is perfroming inter-vlan routing and NOT switch)
int x/x.2
encapuslation dot1q 2
description vlan2
ip access-group Vl2to3-4 out


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
Dopamine
Level 1
Level 1

‎10-31-2021 02:54 AM

thank you so much for helping me.

0 Helpful
Customers Also Viewed These Support Documents