Solved

Routing management

Posted on 2007-10-19
Last Modified: 2010-04-02
I have 5 VLAN segments with these IDs
VLAN1: 192.168.1.0/24
VLAN2: 192.168.2.0/24
VLAN3: 192.168.3.0/24
VLAN4: 192.168.4.0/24
VLAN5: 192.168.5.0/24
all connected via 5 routers.
I need any PC in VLAN1 to see any PC in the same VLAN and all the other 4 VLANs, while any PC in the other VLANs from 2 to 4 cannot see other VLANs. Please help me with this issue.
0
Question by:mtarabay
5 Comments
 
LVL 11

Expert Comment

by:tvman_od
ID: 20116503
Think about VLANs as separate networks, so you need to use trivial ACLs on the routers.

The questions are:
1. What do you mean by saying "PC can/cannot see other PC"? Which protocol or service?
2. Do you have a diagram of how your 5 routers are interconnected?
0
 

Author Comment

by:mtarabay
ID: 20116927
1. I mean that I want PCs in VLAN1 to be able to ping through TCP/IP to all other VLANs, while any PC in VLANs 2 to 5 can only ping PCs connected to its own VLAN segment (and cannot ping PCs in other VLANs).
2. The routers are connected to each other directly through a fiber optic backbone, while every router is connected to its VLAN segment through gigaspeed copper UTP cables.
0
 
LVL 11

Expert Comment

by:tvman_od
ID: 20118086
1. It will be natural that if a PC from VLAN 1 can ping another PC from VLAN 2, that PC2 will be able to ping PC1 unless you filter by type of icmp.

2. You need to create access lists and apply them to the IP interfaces

VLAN1

ip access-list extended FILTER-IN
 remark block ping requests
 deny icmp any 192.168.1.0 0.0.0.255 echo
 remark block any TCP connection attempts
 deny tcp any 192.168.1.0 0.0.0.255 syn
 remark permit everything else
 permit ip any any

apply this to IP interface of the VLAN1 router in inbound direction

VLAN 2 and all other

ip access-list extended FILTER-IN
 remark permit all from VLAN1 and deny everything else
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

ip access-list extended FILTER-OUT
 remark permit all to VLAN1 and deny everything else
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

Apply this filter to IP interfaces of routers 2-5 replacing local ip addresses in both directions.
0
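An added example, not part of the original answer: a small Python model of the ACLs posted above, evaluated first-match with the implicit deny at the end, to check which VLAN pairs can exchange which packets. The packet path (FILTER-OUT at the source VLAN's router, FILTER-IN at the destination VLAN's router), the host addresses used, and the reading of `echo` and `syn` as "ICMP type is echo" and "SYN flag is set" are assumptions of this sketch.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")

def net(n):
    """(base, wildcard) for VLAN n, as written in the ACLs above."""
    return (f"192.168.{n}.0", "0.0.0.255")

def wc_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored in the comparison."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Entry: (action, protocol, source, destination, qualifier)
VLAN1_IN = [
    ("deny", "icmp", ANY, net(1), "echo"),
    ("deny", "tcp", ANY, net(1), "syn"),
    ("permit", "ip", ANY, ANY, None),
]

def spoke_in(n):   # FILTER-IN on the router of VLAN n (2-5)
    return [("permit", "ip", net(1), net(n), None)]

def spoke_out(n):  # FILTER-OUT on the router of VLAN n (2-5)
    return [("permit", "ip", net(n), net(1), None)]

def evaluate(acl, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, proto, src, dst, qual in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not (wc_match(pkt["src"], *src) and wc_match(pkt["dst"], *dst)):
            continue
        # Qualifier (assumed semantics): ICMP type equals it, or TCP flag is set.
        if qual and qual != pkt.get("icmp") and qual not in pkt.get("flags", ()):
            continue
        return action
    return "deny"

def delivered(pkt):
    """Assumed path: FILTER-OUT at the source VLAN, FILTER-IN at the destination."""
    s, d = (int(pkt[k].split(".")[2]) for k in ("src", "dst"))
    if s == d:
        return True  # same segment: the packet never crosses a router ACL
    acls = ([spoke_out(s)] if s != 1 else []) + [VLAN1_IN if d == 1 else spoke_in(d)]
    return all(evaluate(a, pkt) == "permit" for a in acls)

def packet(src, dst, proto="icmp", **fields):
    return {"src": src, "dst": dst, "proto": proto, **fields}
```

Under these assumptions, an echo request from VLAN1 and its echo reply both pass, while echo requests and TCP SYNs sent toward VLAN1, and any traffic between two of VLANs 2-5, hit a deny.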
 

Author Comment

by:mtarabay
ID: 20120930
Thanks tvman_od.
I have tried to use static routes on all routers and disabled RIP, with this configuration:
VLAN1 Router:
192.168.1.0/24  gateway  192.168.1.1
192.168.2.0/24  gateway  192.168.2.1
192.168.3.0/24  gateway  192.168.3.1
192.168.4.0/24  gateway  192.168.4.1
192.168.5.0/24  gateway  192.168.5.1

VLAN2 Router:
192.168.2.0/24  gateway  192.168.2.1
192.168.1.0/24  gateway  192.168.1.1

VLAN3 Router:
192.168.3.0/24  gateway  192.168.3.1
192.168.1.0/24  gateway  192.168.1.1

VLAN4 Router:
192.168.4.0/24  gateway  192.168.4.1
192.168.1.0/24  gateway  192.168.1.1

VLAN5 Router:
192.168.5.0/24  gateway  192.168.5.1
192.168.1.0/24  gateway  192.168.1.1

Is the above configuration useful in my case, so that every VLAN becomes isolated from the others except VLAN1?
0
 
LVL 11

Accepted Solution

by:
tvman_od earned 1000 total points
ID: 20123572
I'm not really getting how you connected your routers. Can you post the configuration of the VLAN1 router and a simple diagram of how you have it connected? In order to route something, the routers need to have an interface in the same network; from your config, the VLAN1 router has an interface in the 1st, 2nd, 3rd, 4th and 5th networks. If there is no IP, you send it to the local interface by name, but that's not possible for interfaces with shared media like Ethernet.
0
