<div>
Ok, do I apply them in the VLAn Interface, in , or out?<br />

</div>


Ok, do I apply them in the VLAn Interface, in , or out?


<div>
is the switch doing routing for the VLANs or is there a router too? &nbsp;usually these lists are applied to interfaces or subinterfaces on routers, unless the switch functions at layer3. &nbsp;the lists will be applied inbound. &nbsp;you may need to add the statement <br />
access-list 100 permit ip any any at the end to allow internet traffic to keep flowing.
</div>


is the switch doing routing for the VLANs or is there a router too?  usually these lists are applied to interfaces or subinterfaces on routers, unless the switch functions at layer3.  the lists will be applied inbound.  you may need to add the statement
access-list 100 permit ip any any at the end to allow internet traffic to keep flowing.

<div>
you can use VLAN access maps to the trick.<br />
<br />
<a href="http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/secure.html#wp1051696" rel="ugc">http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/secure.html#wp1051696</a><br />

</div>


you can use VLAN access maps to the trick.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/secure.html#wp1051696 [http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/secure.html#wp1051696]


<div>
Its layer 3 switch<br />
Thanks
</div>


<div>
<div class="content wysiwyg-content">
Hi All,<br />
&nbsp;I have 10 VLANs configured in my Cisco 4507 switch, Vlan 2, 3, 4 ,etc, &nbsp;as 192.168.1.1, 192.68.2.1 and so on, currently all VLANs can ping each others, for example VLAN 2 can ping 3,4,5, etc, I want to implement some VLAN access list to prevent VLANs to access each other, but I want VLAN 2 to be accessible by all oher VLANs, please support.<br />
Thanks<br />

</div>
</div>


Hi All,
 I have 10 VLANs configured in my Cisco 4507 switch, Vlan 2, 3, 4 ,etc,  as 192.168.1.1, 192.68.2.1 and so on, currently all VLANs can ping each others, for example VLAN 2 can ping 3,4,5, etc, I want to implement some VLAN access list to prevent VLANs to access each other, but I want VLAN 2 to be accessible by all oher VLANs, please support.
Thanks


Cisco VLAN Routing VACLs on Cisco 4507 Switch

A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

Switches / Hubs

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.