Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2662
Views
7
Helpful
4
Replies

Exclude a vlan from IP ROUTING layer 3 switch

Go to solution
Jason Whitehead
Level 1
Level 1

‎01-12-2010 12:42 PM - edited ‎03-06-2019 09:15 AM

I have set up a Layer 3 switch to do IP routing between the VLANS, There are a couple of VLANS that I do not want communicating with the other VLANS,

What is the best way to accomplish this, ACLS?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Jason Whitehead

‎01-12-2010 12:54 PM 

JasonWhitehead wrote:
The vlans I want to exclude only need to talk to the devices on the same VLAN and use the internet out of the default route

Jason

Well then yes, ACLs are the way to go eg.

vlan 10 is one of your isolated vlans = 192.168.10.0/24

vlan 5, 6, 7 are vlans you don't want vlan 10 communicating with

access-list 101 deny ip 192.168.10.0 0.0.0.255

access-list 101 deny ip 192.168.10.0 0.0.0.255

access-list 101 deny ip 192.168.10.0 0.0.0.255

access-list 101 permit ip 192.168.10.0 0.0.0.255 any  <-- this line for internet access

int vlan 10

ip access-group 101 in

Jon

View solution in original post

4 Replies 4

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎01-12-2010 12:46 PM 

JasonWhitehead wrote:
I have set up a Layer 3 switch to do IP routing between the VLANS, There are a couple of VLANS that I do not want communicating with the other VLANS,
What is the best way to accomplish this, ACLS?

Jason

Yes you can use ACLs on the L3 interfaces. Do these vlans you want to isolate need to talk to anything other than devices on their own vlans ?

Jon

0 Helpful

Go to solution
Jason Whitehead
Level 1
Level 1
In response to Jon Marshall

‎01-12-2010 12:48 PM

The vlans I want to exclude only need to talk to the devices on the same VLAN and use the internet out of the default route

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Jason Whitehead

‎01-12-2010 12:54 PM 

JasonWhitehead wrote:
The vlans I want to exclude only need to talk to the devices on the same VLAN and use the internet out of the default route

Jason

Well then yes, ACLs are the way to go eg.

vlan 10 is one of your isolated vlans = 192.168.10.0/24

vlan 5, 6, 7 are vlans you don't want vlan 10 communicating with

access-list 101 deny ip 192.168.10.0 0.0.0.255

access-list 101 deny ip 192.168.10.0 0.0.0.255

access-list 101 deny ip 192.168.10.0 0.0.0.255

access-list 101 permit ip 192.168.10.0 0.0.0.255 any  <-- this line for internet access

int vlan 10

ip access-group 101 in

Jon

Go to solution
Jason Whitehead
Level 1
Level 1
In response to Jon Marshall

‎01-12-2010 12:56 PM

Thank you so much, It is ridiculous how fast the respond time is on these forums, nothing but help here

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card