10-29-2010 07:41 PM - edited 03-06-2019 01:48 PM
10-29-2010 09:09 PM
Hi Kris,
It is very important to know what devices you are using and what is a setup.
If all of your vlans are terminated on one router then you can use vrf-lite to avoid access between two network and
allowing access of both network to the third network
Regards
Mahesh
10-30-2010 03:21 AM
I may have mis-read your post but from what I understadn you want the Visitor network to be able to reach thr printer network. You want the corporate to be able to reach the printer network. You wish to prevent the visitor network and the corporate network from communicating with each other. If this is correct, you would set the switch up similarly to:
Network ranges:
Visitor network - 192.168.1.0 /24
Printer network - 192.168.2.0 /24
Corporate network - 192.168.3.0 /24
Switch config:
vlan 1
name VISITOR
vlan 2
name PRINTER
vlan 3
name CORPORATE
interface vlan 1
ip address 192.168.1.254 255.255.255.0
access-group DENY_VISITOR_TO_CORPORATE in
no shut
interface vlan 2
ip address 192.168.2.254 255.255.255.0
no shut
interface vlan 3
ip address 192.168.3.254 255.255.255.0
access-group DENY_VISITOR_TO_CORPORATE in
no shut
access-list DENY_VISITOR_TO_CORPORATE deny ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
aaccess-list DENY_VISITOR_TO_CORPORATE permit ip any any
access-list DENY_CORPORATE_TO_VISITOR deny ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list DENY_CORPORATE_TO_VISITOR permit ip any any
Place the ports that connect to the visitor devices into VLAN 1
Place the ports that connect to the printer devices into VLAN 2
Place the ports that connect to the vcorporate devices into VLAN 3
Regards
Jimmy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide