VLAN Help

I've inherited a network from a predecessor with no documentation.  The network is incorporating VLANs for various types of users and resources.  I have done some basic work on VLANs, establishing them and configuring them on ports, but I'm very green on ACLs.  We have one "resource" VLAN that needs to be accessible to workstations on two other VLANs.  There is code in the configuration file that I "think" is leading to this functionality, but I'm unable to dig into it further.  I've been reading up on VLANs and ACLs, but the commands I'm finding online and in my book either don't work, or I need to be in another mode on the switch in order to execute them.


The configuration line items in question are:

vlan internal allocation policy ascending
vlan group access-map vlan-list 77


I would like to decipher the "access-map" for this, on how its membership is specified.  I've tried entering 

sh vlan access-map 

but the command errors out on "access-map".  I am in privileged mode.  


Any help would be greatly appreciated.  I know the VLAN 77 contains the shared resources, and VLAN 73 and 74 need access to those resources.


Kelvin Willacey
Level 4

Depends on your setup. Where are the gateways located? Layer 3 switch, firewall, router? VLAN access maps are typically used to restrict access within the VLAN itself.

We have an MPLS connection from this site to our main office. The firewall is at our main office. All the traffic going between the VLANs is local to the site. The basic configuration in a nutshell is one VLAN for Staff, one VLAN for shared resources (printers, servers), and a third VLAN for the office workers. The Staff and office workers both need access to the shared resources, but the office workers can't access any of the staff machines. Each site has a layer 3 switch for routing through the MPLS connection, and layer 2 switches in each shop at the site. Don't know if that answers your question. Without beating around the bush too much, the "office workers" are inmates in a correctional facility, and they have highly restricted access on the network.

OK, with that being the case then all you should need is an ACL with the proper restrictions applied to the VLAN gateway for the office workers.
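The gateway ACL suggested above, written out as an added example for a Cisco IOS layer 3 switch (not configuration from the thread): the subnets, SVI addresses and the ACL name OFFICE-IN are assumed placeholders, since the post gives only the VLAN numbers.

```cisco
! Added example; assumed addressing (placeholders, not from the thread):
!   VLAN 73 staff      10.73.0.0/24   gateway 10.73.0.1
!   VLAN 74 office     10.74.0.0/24   gateway 10.74.0.1
!   VLAN 77 resources  10.77.0.0/24   gateway 10.77.0.1
!
! Note on the inherited line "vlan group access-map vlan-list 77": on IOS,
! "vlan group <name> vlan-list <list>" defines a named VLAN group, so here
! "access-map" is just the group's name and not a VLAN access map (VACL).
! That is why "show vlan access-map" finds nothing; "show vlan group" lists it.
!
ip access-list extended OFFICE-IN
 remark office workstations may reach the shared resource VLAN only
 permit ip 10.74.0.0 0.0.0.255 10.77.0.0 0.0.0.255
 remark block office -> staff explicitly and log hits for monitoring
 deny   ip 10.74.0.0 0.0.0.255 10.73.0.0 0.0.0.255 log
 remark explicit final deny so the counters show what else was attempted;
 remark add permits above this line for DHCP/DNS or main-office services if needed
 deny   ip any any log
!
interface Vlan74
 description Office workers gateway (restricted)
 ip address 10.74.0.1 255.255.255.0
 ip access-group OFFICE-IN in
!
! Staff (VLAN 73) is routed to VLAN 77 without restriction in this example,
! so no ACL is applied to interface Vlan73. Because the ACL is stateless and
! filters inbound on Vlan74, replies from office hosts to staff-initiated
! sessions are also dropped, so staff cannot reach office hosts either.
!
! Verify after applying:
!   show ip interface Vlan74        (confirms OFFICE-IN is bound inbound)
!   show access-lists OFFICE-IN     (per-entry hit counters)
```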