07-16-2017 12:53 PM - edited 03-08-2019 11:20 AM
I have 5 VLANs:
vlan 10 - 192.168.1.0/24 network
vlan 20 - 192.168.2.0/24 network
vlan 30 - 192.168.3.0/24 network
vlan 40 - 192.168.4.0/24 network
vlan 50 - 192.168.5.0/24 network
My requirement is:
VLAN 10, VLAN 20, VLAN 30 and VLAN 40 should not communicate with each other, but VLAN 50 should be able to communicate with every VLAN.
How do I configure this?
07-16-2017 01:32 PM
! for SVIs for VLANs 10,20,30,40
Interface vlan X
ip access-group 100 in
! permit access to 192.168.5.0/24 network
access-list 100 permit ip any 192.168.5.0 0.0.0.255
! deny access to the private ip address range of other networks here for 192.168.0.0 - 192.168.7.0
access-list 100 deny ip any 192.168.0.0 0.0.7.255
! if other traffic should be permitted
access-list 100 permit ip any any
Sure, you can be more specific and specify each destination network to be denied separately, and the source address can be from a specific network range, etc.
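Added example, not part of the original reply: a small Python model of access-list 100 as posted above, using IOS first-match and wildcard-mask semantics, to check which destinations a host behind one of the filtered SVIs can reach. The sample host addresses, the 203.0.113.10 address and the function names are constructed for illustration.

```python
import ipaddress

# access-list 100 from the reply above: (action, destination, wildcard mask).
# The source is "any" in every entry, so only the destination is matched.
ACL_100 = [
    ("permit", "192.168.5.0", "0.0.0.255"),
    ("deny",   "192.168.0.0", "0.0.7.255"),
    ("permit", "0.0.0.0",     "255.255.255.255"),  # "any"
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, dst):
    """Return the action of the first matching entry (implicit deny at the end)."""
    for action, base, wildcard in acl:
        if wildcard_match(dst, base, wildcard):
            return action
    return "deny"

def reachability(acl, dests):
    """Map each named destination to the ACL verdict for it."""
    return {name: evaluate(acl, ip) for name, ip in dests.items()}

# Constructed sample destinations (host addresses are assumptions).
SAMPLE_DESTS = {
    "vlan20 host": "192.168.2.10",
    "vlan30 host": "192.168.3.10",
    "vlan40 host": "192.168.4.10",
    "vlan50 host": "192.168.5.10",
    "192.168.7.x": "192.168.7.1",    # unused subnet, still inside 0.0.7.255
    "192.168.8.x": "192.168.8.1",    # first subnet outside the denied block
    "external":    "203.0.113.10",   # documentation-range address
}

# Same entries with the deny moved to the top, to show why order matters.
DENY_FIRST = [ACL_100[1], ACL_100[0], ACL_100[2]]

if __name__ == "__main__":
    for name, action in reachability(ACL_100, SAMPLE_DESTS).items():
        print(f"{name:12} {action}")
    print("deny entry first, vlan50 host:", evaluate(DENY_FIRST, "192.168.5.10"))
```

The ACL is stateless and applied inbound only on the SVIs for VLANs 10, 20, 30 and 40, so replies from those VLANs to VLAN 50 pass because their destination matches the first permit entry.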
07-16-2017 04:11 PM
Hi,
You should probably use ACLs at your Layer 3 boundary. Which device is providing