Vlan Based Access List on Cisco 3850 L3 Switch

Srinivas N
Level 1

Hi Friends,

I have a Cisco 3850 L3 switch, which is installed in my network.

In that switch we created 6 VLANs, each VLAN having a separate network (e.g. Vlan100 connected to 10.4.1.0/24, Vlan200 connected to 10.4.2.0/24, Vlan300 connected to 10.4.3.0/24, and so on). That is to say, the switch is working for 6 different VLANs and every VLAN has an individual network in the same building. We have some local servers in the same VLANs.

My requirement is that no VLAN should communicate with any other VLAN, but whatever servers are there in different VLANs, those servers should reach some nodes (e.g. the antivirus server and file server are in VLAN 200, and everybody should reach those; the local database server is in VLAN 300, and that server should reach two users who are sitting in VLAN 200; and we have door access devices on all floors, each device connected to a separate VLAN, and those devices should communicate with the admin user who is in VLAN 100).

Please guide me on the above configuration.

 

Thanks & Regards,

Srinivas. N 

 

  


Leo Laohoo
Hall of Fame

Duplicate post.

 

Go HERE.

Jon Marshall
Hall of Fame

It would be better to have all the servers in the same VLAN, as this would make it easier and also more logical.

However, assuming you can't, you need to follow this logic for each ACL:

1) You need to permit the client-to-server and server-to-client traffic first in your ACLs.

2) Then you need to deny client traffic to the whole IP subnet for the other VLANs. So if you permit the traffic as above, you can then deny all other traffic to those subnets.

3) Assuming you need internet access for your clients, you then need to end the ACL with a "permit ip any any".

Jon
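
The three-step ordering from the reply above, written out as inbound ACLs on the VLAN 200 and VLAN 300 SVIs (an added example, not part of the original thread). The host addresses and ACL names are assumed placeholders, and only the three subnets given in the question are covered; the remaining VLANs need their own deny lines and their own ACLs on the same pattern.

```cisco
! Added example. Assumed placeholders: antivirus/file server 10.4.2.10,
! the two permitted users 10.4.2.21 and 10.4.2.22 (all in VLAN 200),
! database server 10.4.3.10 (VLAN 300), and both ACL names.
! Extended ACLs are stateless, so each direction of a permitted flow
! needs its own entry on the SVI where that traffic enters.
ip access-list extended VLAN200-IN
 remark 1) permitted server/client flows first
 permit ip host 10.4.2.10 10.4.1.0 0.0.0.255
 permit ip host 10.4.2.10 10.4.3.0 0.0.0.255
 permit ip host 10.4.2.21 host 10.4.3.10
 permit ip host 10.4.2.22 host 10.4.3.10
 remark 2) deny everything else to the other VLAN subnets
 deny   ip any 10.4.1.0 0.0.0.255
 deny   ip any 10.4.3.0 0.0.0.255
 remark 3) internet and any remaining destinations
 permit ip any any
!
ip access-list extended VLAN300-IN
 remark 1) DB server to the two users, clients to the AV/file server
 permit ip host 10.4.3.10 host 10.4.2.21
 permit ip host 10.4.3.10 host 10.4.2.22
 permit ip 10.4.3.0 0.0.0.255 host 10.4.2.10
 remark 2) deny everything else to the other VLAN subnets
 deny   ip any 10.4.1.0 0.0.0.255
 deny   ip any 10.4.2.0 0.0.0.255
 remark 3) internet and any remaining destinations
 permit ip any any
!
! Apply inbound on each SVI so traffic is filtered as it leaves its VLAN.
interface Vlan200
 ip access-group VLAN200-IN in
!
interface Vlan300
 ip access-group VLAN300-IN in
```

Entries are matched top-down and the first match wins, so a deny placed above the host permits would block the server traffic as well. `show ip access-lists VLAN200-IN` lists per-entry match counts for checking which line a given flow hits.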