AXISHK
VLAN configuration on Catalyst switch
By default, all VLANs configured on a Catalyst switch can communicate with each other and I don't need to put "ip routing", correct?
How to configure switch such that VLAN 3 can't communicate with VLAN 4?
Tks
ASKER
Any configuration example to follow? Tks
If you do "no ip routing", neither of the vlans will be able to communicate anywhere.
Here's an example
- Assuming vlan 3 is 192.168.3.0 /24 and vlan 4 is 192.168.4.0 /24
- Create an access-list, you can call it anything. I used NO-VLAN4-COMM
ip access-list extended NO-VLAN4-COMM
 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
 permit ip any any
- Apply the access-list to either vlan 3 or vlan 4. If vlan 3 (in), if vlan 4 (out). I applied it to vlan 3
interface vlan3
 ip access-group NO-VLAN4-COMM in
Note the statement on the access-list. If you reverse it, e.g. to
 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
Interpretation: deny ip source to destination
Then the direction when applying the access list would change also:
for vlan 3, out (for outbound), for vlan 4, in (for inbound)
The concept of inbound and outbound is a little confusing but you'll get used to it after a while of practice.
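Added example (not part of the original answer, and not Cisco code): a small Python model of how the NO-VLAN4-COMM access list from the answer is matched and how the in/out direction on each SVI decides which packets it sees. The function names and host addresses are constructed for illustration; the model assumes an ACL on a VLAN interface filters only traffic routed between VLANs.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
# The answer's ACL as (action, src, src_wildcard, dst, dst_wildcard).
NO_VLAN4_COMM = [
    ("deny", "192.168.3.0", "0.0.0.255", "192.168.4.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]
# The reversed statement from the answer (deny VLAN 4 -> VLAN 3).
REVERSED = [
    ("deny", "192.168.4.0", "0.0.0.255", "192.168.3.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]
# Subnets the answer assumes for each SVI.
SVIS = {"vlan3": ipaddress.ip_network("192.168.3.0/24"),
        "vlan4": ipaddress.ip_network("192.168.4.0/24")}

def acl_action(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

def svi_for(addr):
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in SVIS.items() if ip in net), None)

def routed(src, dst, bindings):
    """bindings maps (svi, 'in'|'out') -> ACL. True if the packet is forwarded."""
    ingress, egress = svi_for(src), svi_for(dst)
    if ingress is not None and ingress == egress:
        return True  # same VLAN: switched at layer 2, the SVI ACL never sees it
    for key in ((ingress, "in"), (egress, "out")):
        acl = bindings.get(key)
        if acl is not None and acl_action(acl, src, dst) == "deny":
            return False
    return True

if __name__ == "__main__":
    as_posted = {("vlan3", "in"): NO_VLAN4_COMM}  # constructed sample hosts below
    for src, dst in [("192.168.3.10", "192.168.4.20"), ("192.168.4.20", "192.168.3.10")]:
        print(src, "->", dst, "forwarded" if routed(src, dst, as_posted) else "dropped")
```

Because the ACL is matched per packet, the configuration as posted drops only packets sourced from VLAN 3; packets from VLAN 4 still reach VLAN 3, although the replies to them are dropped.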
ASKER
Tks
If you don't want to communicate between vlans then you need to apply an access list on the vlan interface.