Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
73
Views
0
Helpful
0
Replies

VLANs Configuration

dianawinskymartin
Level 1
Level 1

‎10-01-2024 05:16 AM

I'm encountering an issue with VLAN segmentation on my network. I have 10 VLANs, where some need to communicate with each other while others should remain isolated. 

For example, I have VLANs 10, 20, and 30:

-VLAN 10 (in Static) should communicate with VLAN 20.
-VLAN 20 (in DHCP) should communicate with all VLANs.
-VLAN 30 (in DHCP) should be isolated from all other VLANs.

Here’s what I’ve observed on the switch:

1. When checking the access lists during troubleshooting, I don't see any matches for denied traffic (e.g., pings between VLANs that shouldn’t communicate), but I do see matches for traffic to its own gateway.
2. Devices in each VLAN can only ping their respective gateways.

I’ve tried various troubleshooting methods, including verifying trunking configurations, but I haven't been able to resolve the issue.

 

Here's a sample configuration that looks like with my current config in C9500:

ip access-list extended VLAN10
deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.1.255
permit ip any any
int vlan 10
ip access-group VLAN10 in

ip access-list extended VLAN20
permit ip any any
int vlan 20
ip access-group VLAN20 in

ip access-list extended VLAN30
deny ip 192.168.30.0 0.0.1.255 192.168.10.0 0.0.0.255
deny ip 192.168.30.0 0.0.1.255 192.168.20.0 0.0.0.255
permit ip any any
int vlan 30
ip access-group VLAN30 in

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card