09-03-2019 02:58 AM
- I did not configure anything, but the VLANs are currently communicating with each other.
- Can you show me how to separate the VLANs?
Config file is here:
version 16.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname CoreSwitchL3
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$v4Di$K9TsWOA0Kkk4tyHS4nTp30
enable password salahotel@123
!
no aaa new-model
switch 1 provision ws-c3650-24ts
!
!
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3660498994
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3660498994
revocation-check none
rsakeypair TP-self-signed-3660498994
!
!
crypto pki certificate chain TP-self-signed-3660498994
certificate self-signed 01
quit
!
license boot level ipbasek9
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
username admin privilege 15 password 0 salahotel123
!
redundancy
mode sso
!
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-sys-data
police rate 100 pps
class system-cpp-police-sw-forward
police rate 1000 pps
class system-cpp-police-multicast
police rate 500 pps
class system-cpp-police-multicast-end-station
police rate 2000 pps
class system-cpp-police-punt-webauth
class system-cpp-police-l2-control
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
class system-cpp-police-topology-control
class system-cpp-police-dot1x-auth
class system-cpp-police-protocol-snooping
class system-cpp-police-forus
class system-cpp-default
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/4
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/5
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/6
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/7
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/8
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/9
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/10
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/11
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/12
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/13
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/14
switchport trunk allowed vlan 1,5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/15
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/19
description ==Dau Ghi==
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet1/0/20
description ==Dau Ghi==
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet1/0/21
switchport trunk allowed vlan 5,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/22
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet1/0/23
no switchport
ip address 10.55.5.51 255.255.255.0
!
interface GigabitEthernet1/0/24
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
ip address 10.55.4.1 255.255.255.0
!
interface Vlan4
ip address 10.55.3.1 255.255.255.0
!
interface Vlan5
no ip address
!
interface Vlan10
description WifiSalaHotel
ip address 10.0.0.1 255.255.0.0
ip helper-address 10.55.50.41
!
interface Vlan20
ip address 10.55.20.1 255.255.254.0
ip helper-address 10.55.50.41
!
interface Vlan30
ip address 10.55.30.1 255.255.254.0
ip helper-address 10.55.50.41
!
interface Vlan40
ip address 10.55.40.1 255.255.255.0
ip helper-address 10.55.50.41
!
interface Vlan50
ip address 10.55.50.1 255.255.254.0
ip helper-address 10.55.50.41
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.55.5.50
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password salahotel123
login
line vty 5 15
password salahotel123
login
!
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end
09-03-2019 03:42 AM - edited 09-03-2019 03:46 AM
Hi there,
try the following:
!
ip access-list ext VLAN20-IN
deny ip 10.55.20.0 0.0.1.255 10.55.30.0 0.0.1.255
permit ip any any
!
int vlan 20
ip access-group VLAN20-IN in
!
cheers,
Seb.
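Added example, not part of the original thread: a small evaluator for the ACL in the reply above, showing how the `0.0.1.255` wildcard covers the whole /23 and which VLAN pairs the switch still routes when only `VLAN20-IN` is applied. The function names and the sample host addresses are assumptions made for illustration; the subnets come from the posted config.

```python
import ipaddress

# ACL entries from the reply above, one per line.
ACL_VLAN20_IN = """\
deny ip 10.55.20.0 0.0.1.255 10.55.30.0 0.0.1.255
permit ip any any"""

# SVI addresses copied from the posted config (Vlan5 has no IP address).
SVIS = {1: "10.55.4.1/24", 4: "10.55.3.1/24", 10: "10.0.0.1/16",
        20: "10.55.20.1/23", 30: "10.55.30.1/23", 40: "10.55.40.1/24",
        50: "10.55.50.1/23"}

def _spec(tok):
    """Consume 'any' or 'address wildcard' from tok; return (address, wildcard) ints."""
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    return int(ipaddress.ip_address(tok.pop(0))), int(ipaddress.ip_address(tok.pop(0)))

def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>' entries (the only form used in the reply)."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok:
            rest = tok[2:]
            entries.append((tok[0], _spec(rest), _spec(rest)))
    return entries

def matches(ip, spec):
    """Wildcard match: bits set in the wildcard are ignored, all others must be equal."""
    addr, wild = spec
    return ((int(ipaddress.ip_address(ip)) ^ addr) & ~wild & 0xFFFFFFFF) == 0

def verdict(entries, src, dst):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for action, s, d in entries:
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"

def still_routed(entries, acl_vlan):
    """Ordered VLAN pairs still forwarded when the ACL is inbound on acl_vlan only.
    One constructed sample host (network address + 10) stands in for each subnet."""
    nets = {v: ipaddress.ip_interface(a).network for v, a in SVIS.items()}
    host = {v: str(n.network_address + 10) for v, n in nets.items()}
    return [(a, b) for a in nets for b in nets if a != b and
            (a != acl_vlan or verdict(entries, host[a], host[b]) == "permit")]

if __name__ == "__main__":
    acl = parse_acl(ACL_VLAN20_IN)
    print(verdict(acl, "10.55.21.200", "10.55.31.5"))
    print(len(still_routed(acl, 20)), "of 42 ordered VLAN pairs still routed")
```

The check is per packet and per direction: packets from VLAN 30 towards VLAN 20 are still forwarded, and it is the replies entering Vlan20 that the ACL drops.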
09-03-2019 01:00 PM
Please disable IP routing with the command below:
"no ip routing"
This will disable inter-VLAN routing.