10-26-2017 01:47 PM - edited 03-08-2019 12:30 PM
I have an L3 switch used with three vlans. I need to ensure that traffic from each vlan, including broadcast and multicast, does not cross into the others. My objective is that all three vlans should be 100% isolated. Traffic from one vlan should never enter another vlan. How do I ensure this?
10-26-2017 02:02 PM
Hello
You can use PVLANs but RACLs would be applicable here also.
! VLAN 10 SVI: drop routed traffic destined to the VLAN 20 and VLAN 30 subnets
ip access-list extended no-vlan20-30
 deny ip any 20.20.20.0 0.0.0.255
 deny ip any 30.20.20.0 0.0.0.255
 permit ip any any
int vlan 10
 ip access-group no-vlan20-30 IN
! VLAN 20 SVI: drop routed traffic destined to the VLAN 10 and VLAN 30 subnets
ip access-list extended no-vlan10-30
 deny ip any 10.10.10.0 0.0.0.255
 deny ip any 30.20.20.0 0.0.0.255
 permit ip any any
int vlan 20
 ip access-group no-vlan10-30 IN
! VLAN 30 SVI: drop routed traffic destined to the VLAN 10 and VLAN 20 subnets
ip access-list extended no-vlan10-20
 deny ip any 10.10.10.0 0.0.0.255
 deny ip any 20.20.20.0 0.0.0.255
 permit ip any any
int vlan 30
 ip access-group no-vlan10-20 IN
res
Paul
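An added example, not part of the original thread or the poster's own tooling: a Python check that parses an IOS-style config and reports which VLAN pairs the inbound SVI ACLs would still route. The VLAN-to-subnet mapping, the function names and the sample config are assumptions constructed for illustration, and only the `permit|deny ip any <dest>` entry form used in the reply is handled.

```python
import ipaddress

# Assumption: VLAN-to-subnet mapping inferred from the ACL entries in the reply.
VLAN_SUBNETS = {10: "10.10.10.0/24", 20: "20.20.20.0/24", 30: "30.20.20.0/24"}
ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed sample: reply's ACL on VLAN 20, one deny missing on VLAN 30, no ACL on VLAN 10.
SAMPLE_CONFIG = """
ip access-list extended no-vlan10-30
 deny ip any 10.10.10.0 0.0.0.255
 deny ip any 30.20.20.0 0.0.0.255
 permit ip any any
int vlan 20
 ip access-group no-vlan10-30 IN
ip access-list extended no-vlan10-20
 deny ip any 10.10.10.0 0.0.0.255
 permit ip any any
int vlan 30
 ip access-group no-vlan10-20 IN
"""

def parse(config):
    """Return ({acl_name: [(action, dest_net)]}, {vlan: inbound_acl_name})."""
    acls, inbound, acl, vlan = {}, {}, None, None
    for line in config.splitlines():
        raw, words = line.split(), line.lower().split()
        if words[:1] and words[0].startswith("int"):
            name = "".join(words[1:])  # "vlan 10" and "Vlan10" both become "vlan10"
            vlan = int(name[4:]) if name.startswith("vlan") and name[4:].isdigit() else None
        elif words[:3] == ["ip", "access-list", "extended"]:
            acl = acls.setdefault(raw[3], [])
        elif words[:2] == ["ip", "access-group"] and words[3:] == ["in"]:
            inbound[vlan] = raw[2]
        elif words[:1] in (["permit"], ["deny"]) and words[1:3] == ["ip", "any"]:
            dest = ANY if words[3] == "any" else ipaddress.ip_network(f"{words[3]}/{words[4]}")
            acl.append((words[0], dest))  # wildcard mask is read as a host mask
    return acls, inbound

def leaks(config, subnets=VLAN_SUBNETS):
    """(src, dst) VLAN pairs still routed; an SVI with no inbound ACL routes everything."""
    acls, inbound = parse(config)
    found = []
    for src in subnets:
        rules = acls.get(inbound.get(src), [("permit", ANY)])
        for dst in (v for v in subnets if v != src):
            target = ipaddress.ip_network(subnets[dst])
            # First deciding entry wins: any overlapping permit, or a deny covering the subnet.
            hit = next((a for a, n in rules if n.overlaps(target)
                        and (a == "permit" or target.subnet_of(n))), "deny")
            if hit == "permit":
                found.append((src, dst))
    return found
```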
10-26-2017 10:42 PM
I have a question in mind, if I do not define any IP interface on vlan, is there any possibility of any type of traffic (broadcast, multicast) reaching from one vlan to another vlan?
10-27-2017 02:04 AM
Hello
not from the negated vlans but within each vlan yes there is - but you can minimise this through storm control
res
paul
10-27-2017 09:46 AM
10-27-2017 09:57 AM
Hello
you can but that will negate all communication to everything outside that vlan even other vlans and wan traffic
res
paul