cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
883
Views
0
Helpful
3
Replies

Create Isolated wireless Vlan for my network

TeleCare
Level 1
Level 1

Dears 

I have  Catalyst 4000 L3 Switch and I have the following vlans:

 

vlan 100 for management 

vlan 101 for end users 

vlan 102 for Wireless 

vlan 200 for the internet source (Comming from SP)

All above vlans can ping each other 

I need to Isolate vlan 102 from vlan 100, 101 and just give access to vlan 200 with separate DHCP, so anyone will connect this vlan will not be able to reach vlan 100 and 101

 

Kindly advice me what is the proper solution for the above case ?

 

 

 

1 Accepted Solution

Accepted Solutions

Well, not knowing your IP addressing, cannot say for certain, however . . .

You using a mask for all 192.x.x.x traffic, which is okay if that's what you want, but then you only need one ACE.

Besides blocking traffic fromV102 to V100 or V101, you might want to block traffic from those VLANs too.

View solution in original post

3 Replies 3

Joseph W. Doherty
Hall of Fame
Hall of Fame
Assuming your VLANs are all addressed differently, normally you would use ACLs to block traffic. For example, ingress/egress ACLs on your VLAN 102 sVI could block traffic to/from VLANs 100 and 101.

Thank you for your feedback 

Please check the below and tell me whether it is valid:

access-list 100 deny   ip any 192.168.10.0 0.255.255.255 log (Traffic for Vlan 100)

access-list 100 deny   ip any 192.168.11.0 0.255.255.255 log (Traffic for Vlan 101)

access-list 100 allow ip any any 

 

interface VLAN  102

ip access-group 100 in

 

 

Well, not knowing your IP addressing, cannot say for certain, however . . .

You using a mask for all 192.x.x.x traffic, which is okay if that's what you want, but then you only need one ACE.

Besides blocking traffic fromV102 to V100 or V101, you might want to block traffic from those VLANs too.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: