Solved

How to add a VLAN that can't access other VLANs?

Posted on 2013-02-07
3
438 Views
Last Modified: 2013-03-04
I currently have a Cisco switched environment with 2 banks of stacked switches that act as the core switch for their respective location.  These are both configured as VTP servers.  They currently have a few VLANs configured that have access to each other.  How can I add a "Guest Network" VLAN that does not have access to the other VLANs and vice versa?

I need to be able to configure ports on any of the switches to be a member of this "Guest Network" VLAN, but I do not want it to be able to access any other VLANs as I stated above.  How do I configure that?

Thanks!
0
Question by:VIBT
3 Comments
 
LVL 21

Accepted Solution

by:
Rick_O_Shay earned 250 total points
I had posted this earlier but it ended up in a case I never opened.

VLANs are isolated by design so if you don't allow routing between the Guest and other VLANs it should be isolated.
You probably want the guest to get to the Internet so that most likely won't work.
Your other option is to manage the traffic flow using ACLs.
0
 
LVL 10

Assisted Solution

by:mat1458
mat1458 earned 250 total points
Primarily by not configuring the "interface vlan xx" but only the "vlan xx". But as you probably want to be able to let the guests do anything other than talking to each other, you might need to tell us a bit more about your topology. Are there firewalls and if so do you have any free interfaces or do you trunk/tag the traffic towards the firewall?
0
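The ACL approach from the answers above, sketched for a Cisco IOS Layer 3 switch as an added example that is not part of the original thread. VLAN ID 99, the names GUEST and GUEST-IN, the 192.168.99.0/24 guest subnet, the port number and the assumption that every internal network sits in RFC 1918 space are all hypothetical.

```cisco
! Added example: every ID, name and address below is an assumption.
! Layer 2 VLAN; create it on the VTP server so it is advertised to client switches
vlan 99
 name GUEST
!
! Filter applied to traffic arriving from guest devices
ip access-list extended GUEST-IN
 remark allow DHCP requests from guest clients
 permit udp any eq bootpc any eq bootps
 remark drop anything addressed to an internal (RFC 1918) range
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark everything else (Internet-bound) is routed
 permit ip any any
!
! Routed interface (gateway) for the guest VLAN
interface Vlan99
 description Guest Network gateway
 ip address 192.168.99.1 255.255.255.0
 ip access-group GUEST-IN in
!
! Example access port assigned to the guest VLAN
interface GigabitEthernet1/0/10
 description Guest port
 switchport mode access
 switchport access vlan 99
```

Because guest replies to internal addresses hit the same deny lines, sessions started from the internal VLANs toward guests fail as well. Guests need a DNS resolver outside the denied ranges, or a specific permit placed above the deny entries.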
 

Author Closing Comment

by:VIBT
Thanks guys!  From your responses I believed that what I wanted to do was not possible with my limited Cisco knowledge and the limited time I had to implement.  I ended up implementing an additional physical switch that I was able to free up and kept the Guest Network physically separate from my internal LAN.

Thanks!
0
