Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
332
Views
0
Helpful
3
Replies

VLAN security

butchbrx
Level 1
Level 1

‎11-28-2005 03:52 PM - edited ‎03-05-2019 11:42 AM

I want to connect several hosts (each in a unique VLAN, not VLAN1) to a switch. This switch would be connected to a router used as a gateway to the internet. Question: would this prevent the hosts (VLANS) from communicating as long as there is no trunking protocol running between the switch and router? I don't want them to be able to communicate. I only have one 100 Mbs port on the router. Thanks.

Labels:
0 Helpful
3 Replies 3

mparekh
Level 3
Level 3

‎11-28-2005 05:55 PM

To answer your question by not running trunking protocol it will prevent communication between hosts on the different vlans.

But if you don't run any trunking protocol between the router and switch then only one vlan will be able to access the router and thus the internet(whatever vlan the port connecting to the router is in).

In order to have all the hosts on different vlans access the internet you will need to trunking from the switch to the router. Then you can use access-lists on the router to prevent the vlans from talking to each other either by hosts ip addresses or by using vlan access-lists.

0 Helpful

butchbrx
Level 1
Level 1
In response to mparekh

‎11-29-2005 11:35 AM

Thank you for the reply. My understanding of VLANs was that the frame tagging information was stripped as it was forwarded to the router from the switch then added back when it entered the switch returning to the host. Traffic between the switch and router would be normal ethernet communication. I'm picturing this as a router on a stick since it's a stub network. Thanks.

0 Helpful

mparekh
Level 3
Level 3
In response to butchbrx

‎11-29-2005 11:47 AM

Router on a stick is generally used when you want to use a router to do intervlan routing. Link below has a Router on Stick configuration:

http://www.cisco.com/warp/public/473/50.shtml

Your router is connected to a physical port on the switch, you probably assigned that port to a specific VLAN say VLAN 100. Now only those hosts in that VLAN 100 will be able to communicate with the router. None of the other hosts on different VLANs will be able to reach the router unless you have a layer 3 switch that does the intervlan routing.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card