Avatar of lonekawboy
lonekawboy asked on

Blocking layer 3 traffic on a Cisco 3560-X switch

I have a 3560X switch that I have routing turned on for and I would like to block all traffic from one specific vlan to all others. I have the following vlans:

VLAN 20 IP Address 10.2.0.14 255.255.0.0
VLAN 23 IP Address 10.23.0.1 255.255.0.0

I have ip routing turned on and I see routes.

I want to block traffic from vlan 23 to vlan 20 and I thought this would work:

access-list 101 deny ip 10.23.0.0 0.0.255.255 any
access-list 101 permit ip any any

vlan 20
ip access-group 101 in

I can still ping 10.2.0.14 from 10.23.0.100.

Ideas?
Switches / HubsNetwork OperationsRouters

Avatar of undefined
Last Comment
Don Johnston

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Frabble

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Don Johnston

Or you could use your existing ACL and apply it outbound on the VLAN 20 interface.
ciscocert

vlan 23 -> 20

access-list 101 deny ip 10.23.0.0 0.0.255.255 10.2.0.0 0.0.255.255
access-list 101 permit ip any any

int vlan 23
ip access-group 101 in



Don Johnston

Ciscocert:

Was it really necessary to post the exact same ACL that Frabble posted an hour earlier?
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes