05-21-2019 02:23 AM - edited 05-21-2019 02:25 AM
Hi,
I am new here trying to figure out how it works... will be very grateful if someone can give me a hand here.
I have created a network that has 5 different VLANs with bus topology,
wireless router - router - switch(vlan10) - switch(vlan20) - switch(vlan30) - switch(vlan40 with a server) - switch(vlan50)
but each VLAN cannot communicate with each other. For that reason, I did not create a trunk... so here is the problem. I have a manager's PC under VLAN 40 which should have access to VLAN 10. I tried to add access-list permit via router but it doesn't work... I dunno if it's because I didn't set up the trunk or there is some other way of doing it.
Any suggestions will help, thank you.
05-21-2019 02:28 AM
Hi there,
Looking at your topology, each switch is configured with just one VLAN and then these switches are just connected to one another?
I assume the router connected to switch(vlan10) uses a sub-interface with configuration for VLANs 10, 20, 30, 40, 50?
Your switches will also need to have the connections between them configured as trunk links. At this stage don't explicitly specify the VLAN IDs.
This should allow a frame from VLAN40 to traverse the switches towards the sub-interface on the router and be routed.
Can you share the config of the router?
cheers,
Seb.
05-21-2019 02:56 AM
Hi Seb,
I did config all the VLANs to the router but I thought once I create the trunk, all the VLANs will link and they will start to communicate. But in this case because of the manager's PC, maybe I should the trunk and create the deny-list?
05-21-2019 03:04 AM
The access-list 10 will have a default deny; since you have applied it inbound on each sub-interface, you will be blocking traffic on all but 0/0/0.40.
For now, remove the ip access-group 10 in from all sub-interfaces and you will get working inter-vlan comms.
Let us know what inter-vlan security you require and we can suggest the correct ACLs and positions.
cheers,
Seb.
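The behaviour described in the reply above, modelled as an added example that is not part of the original thread: a standard ACL is evaluated first-match on source address with an implicit deny at the end, so applying the same list inbound on every sub-interface also drops the replies coming back from VLAN 10. The router config is not shown in the thread, so the 192.168.n.0/24 addressing and the single permit entry in access-list 10 are constructed assumptions.

```python
import ipaddress

# Constructed addressing (the thread does not show the router config):
# VLAN n uses 192.168.n.0/24 on sub-interface 0/0/0.n.
VLANS = [10, 20, 30, 40, 50]

# Assumed content of "access-list 10": one permit for the manager's VLAN.
# Entries are (action, address, wildcard mask), evaluated top-down.
ACL_10 = [("permit", "192.168.40.0", "0.0.0.255")]


def acl_permits(acl, src_ip):
    """First-match evaluation of a standard (source-only) ACL."""
    src = int(ipaddress.IPv4Address(src_ip))
    for action, addr, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (src & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False  # implicit "deny any" that ends every ACL


def routed(src_ip, inbound_acls):
    """A packet is routed only if the inbound ACL on its ingress
    sub-interface (chosen by source VLAN) permits it."""
    vlan = int(src_ip.split(".")[2])
    acl = inbound_acls.get(vlan)
    return True if acl is None else acl_permits(acl, src_ip)


def round_trip(a, b, inbound_acls):
    """Request a -> b and reply b -> a must both pass ingress filtering."""
    return routed(a, inbound_acls) and routed(b, inbound_acls)


everywhere = {v: ACL_10 for v in VLANS}   # ip access-group 10 in on all
removed = {}                              # after removing it everywhere

if __name__ == "__main__":
    mgr, pc10, pc20 = "192.168.40.5", "192.168.10.5", "192.168.20.5"
    for name, acls in (("ACL 10 inbound everywhere", everywhere),
                       ("access-group removed", removed)):
        print(name)
        print("  VLAN40 request routed:", routed(mgr, acls))
        print("  VLAN10 reply routed:  ", routed(pc10, acls))
        print("  VLAN40<->VLAN10 works:", round_trip(mgr, pc10, acls))
        print("  VLAN20<->VLAN10 works:", round_trip(pc20, pc10, acls))
```

With the list applied everywhere, the manager's request is routed but the VLAN 10 reply is dropped at its own sub-interface, so the session still fails; removing the access-group restores all inter-VLAN traffic, including paths that may later need to be restricted.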