Solved

How to add a VLAN that can't access other VLANs?

Posted on 2013-02-07
Last Modified: 2013-03-04
I currently have a Cisco switched environment with 2 banks of stacked switches that act as the core switch for their respective location.  These are both configured as VTP servers.  They currently have a few VLANs configured that have access to each other.  How can I add a "Guest Network" VLAN that does not have access to the other VLANs and vice versa?

I need to be able to configure ports on any of the switches to be a member of this "Guest Network" VLAN, but I do not want it to be able to access any other VLANs as I stated above.  How do I configure that?

Thanks!
Question by:VIBT

Accepted Solution

by:
Rick_O_Shay earned 250 total points
ID: 38864445
I had posted this earlier but it ended up in a case I never opened.

VLANs are isolated by design so if you don't allow routing between the Guest and other VLANs it should be isolated.
You probably want the guest to get to the Internet so that most likely won't work.
Your other option is to manage the traffic flow using ACLs.

Assisted Solution

by:mat1458
mat1458 earned 250 total points
ID: 38866959
Primarily by not configuring the "interface vlan xx" but only the "vlan xx". But as you probably want to be able to let the guests do anything else than talking to each other you might need to tell us a bit more about your topology. Are there firewalls and if so do you have any free interfaces or do you trunk/tag the traffic towards the firewall?
0
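The two approaches from the answers above (a guest VLAN with no SVI, or a routed guest VLAN restricted by ACLs), written out as an added example that is not from the original thread. VLAN 99, the 192.168.99.0/24 guest subnet, the port numbers, the ACL names and the assumption that all internal VLANs use RFC 1918 address space are constructed for illustration.

```cisco
! Constructed example. Create the VLAN on a VTP server so it propagates.
vlan 99
 name GUEST
!
! Any access port on any switch can then be placed in the guest VLAN.
interface GigabitEthernet1/0/10
 description Guest access port (assumed port number)
 switchport mode access
 switchport access vlan 99
!
! --- Option A: layer 2 only (no "interface Vlan99" on the core) ---
! The switches never route for VLAN 99. It is tagged to a firewall
! interface that acts as the guest gateway and enforces policy.
! Some platforms need "switchport trunk encapsulation dot1q" first.
interface GigabitEthernet1/0/48
 description Trunk to firewall (assumed port number)
 switchport mode trunk
 switchport trunk allowed vlan 99
!
! --- Option B: core routes VLAN 99, ACLs block inter-VLAN traffic ---
! Guest -> internal is dropped; everything else (Internet) is allowed.
ip access-list extended GUEST-IN
 remark DHCP requests must reach the gateway/relay
 permit udp any eq bootpc any eq bootps
 remark Block all RFC 1918 destinations (assumed internal ranges)
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Only guest-sourced traffic may leave toward the Internet
 permit ip 192.168.99.0 0.0.0.255 any
!
! Internal -> guest is dropped as well, covering the "vice versa" case.
ip access-list extended GUEST-OUT
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 permit ip any any
!
interface Vlan99
 description Guest gateway (Option B only)
 ip address 192.168.99.1 255.255.255.0
 ip access-group GUEST-IN in
 ip access-group GUEST-OUT out
```

With Option B, guests need a DNS resolver outside the denied ranges, or an explicit permit for the internal resolver placed above the deny lines.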
 

Author Closing Comment

by:VIBT
ID: 38950485
Thanks guys! From your responses I believed that what I wanted to do was not possible with my limited Cisco knowledge and the limited time I had to implement.  I ended up implementing an additional physical switch that I was able to free up and kept the Guest Network physically separate from my internal LAN.

Thanks!