Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
363
Views
0
Helpful
2
Replies

setup 1 way communication on vlans on a 3850 switch

mmercaldieze
Level 1
Level 1

‎08-04-2016 05:23 AM - edited ‎03-08-2019 06:52 AM

I have a client that does not want to do this on his ASA, he instead wants this setup on a 3850 switch.  They basically are trying to create a DMZ vlan, VLAN 10.  The servers are on VLAN 5.  They want VLAN 5 to have full access to VLAN 10, but VLAN 10 to have no access at all to VLAN 5.   I know on an ASA this is really simple but on a switch I am not sure, and also setting up zone based firewall on this switch is not an option.

Labels:
0 Helpful
2 Replies 2

Ton V Engelen
Level 3
Level 3

‎08-04-2016 06:02 AM

HI you could do this with an acl. 

Suppose vlan 10 has an SVI with 10.1.1.1/24 and vlan 5 has an SVI with 10.1.2.1/24

Block vlan 10 to vlan 5: 

ip access-list ext BLOCK-V10

10 deny ip 10.1.1.0 0.0.0.255 any

20 permit ip any any

interface VLAN 5

ip access-group BLOCK-V10 out

0 Helpful

mmercaldieze
Level 1
Level 1
In response to Ton V Engelen

‎08-04-2016 06:06 AM

ok thanks I will try that

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card