cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
698
Views
10
Helpful
3
Replies

stopping vlan routing on 6509 for one specific vlan.

steve.hart
Level 1
Level 1

I want to setup a CUCM lab environment on a seperate vlan but want to take advantage of the POE ports on my 6509. Is there an easy way to create a new vlan but not have it be automatically routed. I don't want any possiblity of the lab CUCM interfering with the production CUCM. In other words I want to create a network that is completely self contained with no access to other vlans on my 6509. I was thinking about using an access list but wanted to get some other opinions to see if that was the best idea.

Thanks in advance for any advice.

Steve

1 Accepted Solution

Accepted Solutions

Edison Ortiz
Hall of Fame
Hall of Fame

Steve,

You can create a Layer2 Vlan on the switch and assign those switchports to the newly created Vlan.

As long as you don't create a SVI (Switch Virtual Interface) for such Vlan, no routing will occur.

HTH,

__

Edison.

View solution in original post

3 Replies 3

MATTHEW BECK
Level 1
Level 1

Hi,

Perhaps I'm misunderstanding your question, but if you don't put an IP address on the VLAN interface of the 6509, there is no routing capability. You won't be able to get in or out of the VLAN, but it will prevent that subnet from interacting with other VLANs/subnets.

If you need to get in and out of the VLAN for certain services you could use an ACL like you mentioned or drop a spare firewall in there too. Configure the hosts to use the fw as the gateway and it controls what is permitted up to the 6509.

I hope this helps.

Matt

Edison Ortiz
Hall of Fame
Hall of Fame

Steve,

You can create a Layer2 Vlan on the switch and assign those switchports to the newly created Vlan.

As long as you don't create a SVI (Switch Virtual Interface) for such Vlan, no routing will occur.

HTH,

__

Edison.

mlund
Level 7
Level 7

Hi Steve

You can create a layer2 vlan, and leave it that way. Do not create the layer3 interface for the vlan.

/Mikael