AXISHK

VLAN configuration on Catalyst switch

By default, all VLANs configured on a Catalyst switch can communicate with each other and I don't need to put "ip routing", correct?

How to configure switch such that VLAN 3 can't communicate with VLAN 4?

Tks
NetExpert Network Solutions Pte Ltd

The ip routing command is default on all the Catalyst switches except Cisco 3560 and 3750 switches.

If you don't want communication between VLANs, then you need to apply an access list on the VLAN interface.
AXISHK

ASKER

Any configuration example to follow? Tks

If you do "no ip routing", neither of the VLANs will be able to communicate anywhere.

Here's an example
- Assuming vlan 3 is 192.168.3.0 /24 and vlan 4 is 192.168.4.0 /24

- Create an access-list, you can call it anything. I used NO-VLAN4-COMM
ip access-list extended NO-VLAN4-COMM
 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
 permit ip any any

- Apply the access-list to either vlan 3 or vlan 4. If vlan 3 (in), if vlan 4 (out). I applied it to vlan 3
interface vlan3
 ip access-group NO-VLAN4-COMM in

Note the statement on the access-list. If you reverse it, for example to
 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
Interpretation:
 deny ip source to destination

then the direction when applying the access list would change also:
for vlan 3, out (for outbound); for vlan 4, in (for inbound).

The concept of inbound and outbound is a little confusing but you'll get used to it after a while of practice
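
The ACL and direction logic from the answer above, modeled in Python as an added example that is not part of the original thread: it evaluates the posted entries with first-match and implicit-deny semantics on the interface and direction where they are applied. The host addresses, the function names and the mapping of the third octet to the VLAN number are assumptions made for the illustration.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>'; each side is 'any' or 'addr wildcard'."""
    rules = []
    for line in text.strip().splitlines():
        action, _proto, *spec = line.split()
        sides = []
        while spec:
            if spec[0] == "any":
                sides.append((0, 0xFFFFFFFF))
                spec = spec[1:]
            else:
                sides.append((ip(spec[0]), ip(spec[1])))
                spec = spec[2:]
        rules.append((action, sides[0], sides[1]))
    return rules

def matches(addr, base, wildcard):
    care = ~wildcard & 0xFFFFFFFF      # wildcard 1-bits are "don't care"
    return (ip(addr) & care) == (base & care)

def acl_action(rules, src, dst):
    for action, s, d in rules:         # first matching entry wins
        if matches(src, *s) and matches(dst, *d):
            return action
    return "deny"                      # implicit deny ends every ACL

# The ACL and its attachment point as posted in the answer.
ACL = parse_acl("""
deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
permit ip any any
""")
ATTACHED = {("vlan3", "in"): ACL}

def svi_of(addr):
    return "vlan" + addr.split(".")[2]  # assumption: third octet = VLAN number

def routed(src, dst):
    """True if a packet src -> dst passes every ACL on its routed path."""
    path = [(svi_of(src), "in"), (svi_of(dst), "out")]
    return all(acl_action(ATTACHED[p], src, dst) == "permit"
               for p in path if p in ATTACHED)

def two_way(a, b):
    return routed(a, b) and routed(b, a)
```

With the ACL applied only inbound on vlan 3, `routed("192.168.4.20", "192.168.3.10")` is still true: packets sourced in VLAN 4 are delivered to VLAN 3 and only the replies are dropped, so one-way traffic is not filtered by this single entry.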
ASKER CERTIFIED SOLUTION
Akinsd
AXISHK

ASKER

Tks