10-05-2017 06:48 AM - edited 03-08-2019 12:16 PM
Dears
I have Catalyst 4000 L3 Switch and I have the following vlans:
vlan 100 for management
vlan 101 for end users
vlan 102 for Wireless
vlan 200 for the internet source (Comming from SP)
All above vlans can ping each other
I need to Isolate vlan 102 from vlan 100, 101 and just give access to vlan 200 with separate DHCP, so anyone will connect this vlan will not be able to reach vlan 100 and 101
Kindly advice me what is the proper solution for the above case ?
Solved! Go to Solution.
10-06-2017 08:48 AM
10-05-2017 07:34 AM
10-05-2017 09:34 AM
Thank you for your feedback
Please check the below and tell me whether it is valid:
access-list 100 deny ip any 192.168.10.0 0.255.255.255 log (Traffic for Vlan 100)
access-list 100 deny ip any 192.168.11.0 0.255.255.255 log (Traffic for Vlan 101)
access-list 100 allow ip any any
interface VLAN 102
ip access-group 100 in
10-06-2017 08:48 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: