
Securing particular vlan in Catalyst 9000, LAN Switching

Hi Everyone. My new network architecture is simple and is explained below. I am required to configure a new L3 core switch (9300 series) with 10 VLANs:

  1. Vlan 10 – 192.168.10.0/24
  2. Vlan 11 – 192.168.11.0/24
  3. Vlan 12 – 192.168.12.0/24
  4. Vlan 13 – 192.168.13.0/24
  5. Vlan 14 – 192.168.14.0/24
  6. Vlan 15 – 192.168.15.0/24
  7. Vlan 16 – 192.168.16.0/24
  8. Vlan 17 – 192.168.17.0/24
  9. Vlan 18 – 192.168.18.0/24
  10. Vlan 19 – 192.168.19.0/24

My senior mgmt. has given me a new requirement: they want VLAN 15 to be secure, or it should not be accessible to other VLANs. Please suggest all and the best possible ways that can be configured in the core switch itself. Also suggest if a configuration change is required, with no downtime problem. I do not want to use ACLs. Thanks in advance. Amit

 

 


balaji.bandi
Hall of Fame

VLAN ACL (VACL) is the correct one.

Example reference guide:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/vlan_acls.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello Balaji, can we use VRF for the particular VLAN (VLAN 15) which is required to be secured, and configure the rest as normal VLANs?

Regds Amit

Sure, you can use VRF here in your case. It depends on your requirement: you can go with a normal VLAN with VACL, or with VRF.

Here is a configuration guide for Cat 9K VRF config.

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-8/configuration_guide/ip_mcast_rtng/b_168_ip_mcast_rtng_9300_cg/configuring_vrf_lite.html

 

BB


Hello

If you don't wish to use an access list, then to segregate that VLAN you'll need to use a VRF, that's if that switch supports it.

ip vrf 15
!
int vlan 15
 ip vrf forwarding 15
 ! ip vrf forwarding removes the SVI's IP address; re-enter it here
exit
!
ip route vrf 15 0.0.0.0 0.0.0.0 x.x.x.x global

That static route will allow VLAN 15 users to gain external connection.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
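
As an added example (not part of any reply above and not Cisco code): a Python check over a saved running-config that reports which SVIs still share a routing table with Vlan15, and which static routes in its VRF resolve their next hop in the global table through the `global` keyword. The sample config, the function names and the 192.0.2.1 next hop are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread); 192.0.2.1 is a placeholder next hop.
SAMPLE_CONFIG = """\
ip vrf 15
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan15
 ip vrf forwarding 15
 ip address 192.168.15.1 255.255.255.0
!
interface Vlan16
 ip address 192.168.16.1 255.255.255.0
!
ip route vrf 15 0.0.0.0 0.0.0.0 192.0.2.1 global
"""

def parse_svis(config):
    """Map each SVI name to its VRF (None means the global routing table)."""
    svis, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (Vlan\d+)\s*$", line)
        if m:
            current = m.group(1)
            svis[current] = None
        elif not line.startswith(" "):
            current = None  # any unindented line ends the interface block
        elif current:
            # Accept both "ip vrf forwarding X" and "vrf forwarding X"
            m = re.match(r"\s+(?:ip )?vrf forwarding (\S+)", line)
            if m:
                svis[current] = m.group(1)
    return svis

def audit_isolation(config, svi="Vlan15"):
    """Return (SVIs sharing svi's routing table, VRF routes resolved via global)."""
    svis = parse_svis(config)
    vrf = svis[svi]  # KeyError if the SVI is not in the config
    shared = sorted(n for n, v in svis.items() if n != svi and v == vrf)
    leaks = []
    if vrf is not None:
        pat = re.compile(rf"ip route vrf {re.escape(vrf)} .*\bglobal\s*$")
        leaks = [l.strip() for l in config.splitlines() if pat.match(l)]
    return shared, leaks

if __name__ == "__main__":
    print(audit_isolation(SAMPLE_CONFIG))
```

An empty first list means no other SVI routes directly to VLAN 15 on the switch; each route in the second list is a path out of the VRF whose next-hop device decides whether traffic can reach the other VLANs.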