Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
0
Helpful
2
Replies

Vlan Separation with ACL's

RyanDundee
Level 1
Level 1

‎02-04-2013 09:15 PM - edited ‎03-07-2019 11:30 AM

So, I am playing around with a router. I have 4 vlans and I dont want any of them to be able to communicate with each other. Not sure the best way to accomodate this. Here is my thought... Please feel free to critique.

ip access-list extended Vlan1-ACL

deny  ip vlan1subnet 0.0.0.255 host vlan2

deny  ip vlan1subnet 0.0.0.255 host vlan3

deny  ip vlan1subnet 0.0.0.255 host vlan4

permit ip any any

ip access-list extended Vlan2-ACL

deny  ip vlan2subnet 0.0.0.255 host vlan1

deny  ip vlan2subnet 0.0.0.255 host vlan3

deny  ip vlan2subnet 0.0.0.255 host vlan4

permit ip any any

ip access-list extended Vlan3-ACL

deny  ip vlan3subnet 0.0.0.255 host vlan1

deny  ip vlan3subnet 0.0.0.255 host vlan2

deny  ip vlan3subnet 0.0.0.255 host vlan4

permit ip any any

ip access-list extended Vlan4-ACL

deny  ip vlan4subnet 0.0.0.255 host vlan1

deny  ip vlan4subnet 0.0.0.255 host vlan2

deny  ip vlan4subnet 0.0.0.255 host vlan3

permit ip any any

Thanks!

Labels:
0 Helpful
2 Replies 2

Abzal
Level 7
Level 7

‎02-04-2013 11:37 PM

Hi,

Second option you can use Private-VLAN but it is done by switches L2 separation.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/pvlans.html

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal
0 Helpful

milan.kulik
Level 10
Level 10

‎02-05-2013 12:25 AM

Hi,

why

deny  ip vlan1subnet 0.0.0.255 host vlan2 ?

Shoudln't be

deny  ip vlan1subnet 0.0.0.255 vlan2subnet 0.0.0.255 ?

etc.

(Supposing all your subnets are /24.)

HTH,

Milan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card