Cisco 3750 VLAN


I have Cisco 3750 switch. I configured 3 Vlans on it. VLAN 10,20,and 30. Is there anyway that I can give VLAN 10 access to  VLAN 20 and deny it from access VLAN 30? I mean I want network of VLAN 10 and 20 to see each other and communicate but can not access network of VLAN 30

VLAN 10 network
VLAN 20 network
VLAN 30 network

Math TecAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Muhammad Farjad ArshadSystem EngineerCommented:
Yes you can do that by creating inter vlan routing between the two vlan for which you need a layer 3 device like router or a L3 switch.
You can perform intervlan routing via router on stick or by sci (switch virtual interface).
Secondly if you don't want to open a communication channel with vlan 30 don't include it in intervlan routing in first place or enable ACL (access control list) for it to deny communication with clan 10 and 20
Math TecAuthor Commented:

I did this command on switch 3750 L3 switch
sw3(config)# vlan 10
sw3(config-if)# ip address
sw3(config)# vlan 20
sw3(config-if)# ip address
sw3(config)# vlan 30
sw3(config-if)# ip address
sw3(config)# ip routing

this command enable routing on all vlans. but I need to deny vlan 30 from access other vlans

any help will be appreciated
Muhammad Farjad ArshadSystem EngineerCommented:
Use ip route
Similarly for subnet and due to implicit deny it won't communicate with third vlan

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Don JohnstonInstructorCommented:
If you don't want VLAN 30 to access anything, don't assign an IP address to the VLAN 30 interface.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.