09-22-2008 01:04 PM - edited 03-06-2019 01:31 AM
I had to configure several VLANs on a CAT4510; all VLANs had to see the server VLAN. The customer doesn't want one VLAN to see the other VLANs (only the server VLAN).
How can I do this?
09-22-2008 01:13 PM
Hello,
You can create an ACL and apply it inbound on each VLAN interface. In the ACL, allow communication to the servers' subnet and deny everything else to the RFC 1918 networks.
Hope this helps,
Regards,
Appreciate your rating,
09-22-2008 02:21 PM
OK, what about CPU usage?
Is it possible to use VLAN maps (VLAN ACLs)?
Thanks
09-28-2008 05:50 PM
Hi, can you tell me if this works this way...
======
! Match traffic from VLAN 2 (192.168.2.0/24) to VLAN 3 and drop it
ip access-list extended intervlan_2_3_acl
 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
vlan access-map intervlan_map 10
 match ip address intervlan_2_3_acl
 action drop
! Match traffic from VLAN 2 to VLAN 4 and drop it
ip access-list extended intervlan_2_4_acl
 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
vlan access-map intervlan_map 20
 match ip address intervlan_2_4_acl
 action drop
! Forward everything else
ip access-list extended intervlan_others_acl
 permit ip any any
vlan access-map intervlan_map 30
 match ip address intervlan_others_acl
 action forward
! Apply the VLAN map to VLANs 1-4
vlan filter intervlan_map vlan-list 1-4
thanks
09-28-2008 06:36 PM
Doing some research... I believe this will work better...
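! Match anything from or to 192.168.1.0/24
ip access-list extended intervlan_1_acl
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip any 192.168.1.0 0.0.0.255
! First map entry: drop whatever the ACL matches
vlan access-map intervlan_1_map 10
 match ip address intervlan_1_acl
 action drop
! Second map entry: no match clause, forward the rest
vlan access-map intervlan_1_map 20
 action forward
vlan filter intervlan_1_map vlan-list 1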
09-28-2008 09:52 PM
Let me give a small note:
A normal ACL (routed ACL, RACL) is used to control traffic between VLANs in a switch,
while a VLAN ACL (VACL), or VLAN map as you referred to it, can be used between VLANs but is useful to filter traffic within the same VLAN as well.
In your case you can create a normal ACL (RACL) that filters traffic between VLANs and apply it on the VLAN interface (the SVI) on your L3 switch,
like:
interface vlan x
 ip access-group ..... in
if helpful Rate
09-29-2008 09:03 AM
The above will deny any traffic to anywhere from 192.168.1.0/24. I don't think this is your target. You said you want to deny intervlan traffic right? Not everything from that VLAN?
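
Added example, not part of any post in this thread: a small first-match ACL evaluator that contrasts the VLAN map from the 06:36 PM post with the inbound ACL described in the first reply. The server subnet 192.168.10.0/24, the final `permit ip any any` and the sample addresses are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

def net(spec):
    """Turn an IOS 'address wildcard' pair (or 'any') into an ip_network."""
    if spec == "any":
        return ip_network("0.0.0.0/0")
    addr, wildcard = spec.split()
    return ip_network(f"{addr}/{wildcard}")  # ipaddress accepts wildcard (host) masks

def acl_result(acl, src, dst):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for action, s, d in acl:
        if ip_address(src) in net(s) and ip_address(dst) in net(d):
            return action
    return "deny"

SERVERS = "192.168.10.0 0.0.0.255"  # assumption: the thread never gives the server subnet

def racl_for(vlan_subnet):
    """Inbound SVI ACL as described in the first reply, for one user VLAN."""
    return [
        ("permit", vlan_subnet, SERVERS),
        ("deny", "any", "10.0.0.0 0.255.255.255"),
        ("deny", "any", "172.16.0.0 0.15.255.255"),
        ("deny", "any", "192.168.0.0 0.0.255.255"),
        ("permit", "any", "any"),  # assumption: other destinations stay reachable
    ]

# ACL referenced by the VLAN map in the 06:36 PM post
INTERVLAN_1_ACL = [
    ("permit", "192.168.1.0 0.0.0.255", "any"),
    ("permit", "any", "192.168.1.0 0.0.0.255"),
]

def vacl_result(src, dst):
    """First map entry drops what the ACL matches; the second forwards the rest."""
    matched = acl_result(INTERVLAN_1_ACL, src, dst) == "permit"
    return "drop" if matched else "forward"

if __name__ == "__main__":
    racl = racl_for("192.168.1.0 0.0.0.255")
    # Constructed sample flows from a host in 192.168.1.0/24
    for dst in ("192.168.10.5", "192.168.3.7", "198.51.100.9"):
        print(f"192.168.1.10 -> {dst:13} VACL={vacl_result('192.168.1.10', dst):8}"
              f" RACL={acl_result(racl, '192.168.1.10', dst)}")
```

The VLAN map drops the server-bound flow as well, which is the point made in the last reply; the inbound ACL permits it and denies only the other private ranges.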