Cisco 3750 VLAN

Hi,

I have Cisco 3750 switch. I configured 3 Vlans on it. VLAN 10,20,and 30. Is there anyway that I can give VLAN 10 access to  VLAN 20 and deny it from access VLAN 30? I mean I want network of VLAN 10 and 20 to see each other and communicate but can not access network of VLAN 30

VLAN 10 network 192.168.1.0
VLAN 20 network 192.168.2.0
VLAN 30 network 192.168.3.0

Thx
Math TecAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Muhammad Farjad ArshadSystem EngineerCommented:
Yes you can do that by creating inter vlan routing between the two vlan for which you need a layer 3 device like router or a L3 switch.
You can perform intervlan routing via router on stick or by sci (switch virtual interface).
Secondly if you don't want to open a communication channel with vlan 30 don't include it in intervlan routing in first place or enable ACL (access control list) for it to deny communication with clan 10 and 20
Math TecAuthor Commented:
Hi,

I did this command on switch 3750 L3 switch
sw3(config)# vlan 10
sw3(config-if)# ip address 192.168.1.254 255.255.255.0
sw3(config)# vlan 20
sw3(config-if)# ip address 192.168.2.254 255.255.255.0
sw3(config)# vlan 30
sw3(config-if)# ip address 192.168.3.254 255.255.255.0
sw3(config)# ip routing

this command enable routing on all vlans. but I need to deny vlan 30 from access other vlans

any help will be appreciated
Muhammad Farjad ArshadSystem EngineerCommented:
Use ip route 0.0.0.0 0.0.0.0 192.168.1.0
Similarly for 192.168.2.0 subnet and due to implicit deny it won't communicate with third vlan

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Don JohnstonInstructorCommented:
If you don't want VLAN 30 to access anything, don't assign an IP address to the VLAN 30 interface.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VLAN

From novice to tech pro — start learning today.