You can use the interface

z080236 · ‎06-23-2016

1. Let's say I have 2 subnets , 192.168.1.0/24 and 192.168.2.0/24, i want to configure interfaces 0/1 to 0/12 to VLAN1 to cater for 192.168.1.0/24 and interfaces 0/13 to 0/20 to cater for 192.168.2.0/24, the traffic from VLAN1 can communicate to VLAN2.

What is the CLI command for the above?

2. Let's say I have 2 same subnet , 192.168.2.0/24 ,

VLAN1 192.168.2.0/24 ports 0/1 to 0/12

VLAN2 192.168.2.0/24 ports 0/13 to 0/20

Traffic from VLAN1 should not be able to communicate to VLAN2.

How do I configure this in the CLI?

Mark Malone · ‎06-23-2016

You can use the interface range command to do multiple ports at once

interface range g0/1 - 12

switchport mode access

switchport access vlan 1

If you want to block the vlans speaking to each other the easiest way to do is probably an access list applied to the layer 3 SVI for those vlans and deny the subnets by ip speaking to each other

Just an example

interface vlan x

ip access-group 189 in

ip access-group 189 out

!

access-list 189 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 189 permit ip any any

The other way to do is use private vlans

http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html

VLAN switch questions