Hello

sachinc01 · ‎08-06-2017

Hi Team,

Please find attached layout I have 100,200,300,400 VLAN on SG500X L3 switch

On SG300 Switch on L2 Mode All VLAN replicate on L2 Switch nOw all VLAN communicate each other.

Please Guide :- I want to set all VLAN didnot communicate each other but access SERVER VLAN 400 & Internet

VLAN 100 :- Communicate VLAN 100 & VLAN 400 Server & Internet 192.168.1.1

VLAN 200 :- Communicate VLAN 200 & Vlan 400

VLAN 300:- Communicate VLAN 300,100,400

How I will Set please guide.

paul driver · ‎08-06-2017

Hello

Routed access-list (RACL) would be good a good solution

ip access-list extended vlan100
deny ip 192.168.2.0 0.0.0.255
permit ip any any

int vlan 100
ip access-group vlan100 out

ip access-list extended vlan200
deny ip 192.168.1.0 0.0.0.255
permit ip any any

int vlan 200
ip access-group vlan200 out

ip access-list extended vlan300
Permit tcp 192.168.1.0 0.0.0.255 any established
deny ip 192.168.1.0 0.0.0.255
Permit tcp 192.168.3.0 0.0.0.255 any established
deny ip 192.168.3.0 0.0.0.255
deny ip 192.168.2.0 0.0.0.255
permit ip any any

int vlan 300
ip access-group vlan300 out

Note for vlan 300 the Acl is allowing tcp ONLY if you wish UDP also then it will have to be any any ace entry due to the connection-less nature of the protocol

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Need Help on VLAN Communication