VLAN traffic blocking from and to other VLANS Cisco

14 years 1 month ago #33559 by dxmen
I have 4 VLANs on a Cisco 4500 L3 switch
VLAN 2
VLAN 3
VLAN 4
VLAN 5
I want to block in / out traffic from VLAN 4 & 5 to VLAN 3, any suggestions? thanks
14 years 1 month ago #33562 by ZiPPy
Just curious about your switch...

Which 4500 series are you using?
Which Supervisor card?
What other cards do you have installed?


Cheers,

ZiPPy

14 years 1 month ago #33569 by dxmen
I'm using a 4506-E with a Supervisor V 1000Base & 24 10/100/1000 port card
14 years 1 month ago #33575 by FlipRich
I'm not too familiar with that model switch, but have you tried just setting up extended ACLs?

Rich
Network Engineer /CCNP, CCNA-S
Tallahassee, FL
14 years 1 month ago #33577 by dxmen
No, I have not, Richard. I need suggestions on what would be the best option to complete this task. I'm starting to know my way around Cisco IOS. I will appreciate any help, thanks.
14 years 1 month ago #33578 by S0lo
I assume here that the L3 switch is doing routing.

I did not work on the 4500. But generally, as FlipRich said, an extended access list will do well. Say for example you have VLAN1 as 192.168.1.x and VLAN2 as 192.168.2.x. To block traffic from VLAN1 to VLAN2 you would first define an ACL:

[code:1]access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip any any[/code:1]

This defines it but doesn't apply it. Now we will apply it on the Vlan1 interface:

[code:1]interface Vlan1
ip access-group 100 in[/code:1]

This will stop the traffic as soon as it enters the Vlan1 interface, so there is no overhead of routing occurring. The ACL can be defined in other ways; this is one way.

Tell us if you need further help.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
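
The extended-ACL approach from the reply above, applied to the original question (VLAN 4 and 5 to and from VLAN 3), as an added example that is not part of any post in the thread. The subnets 192.168.3.0/24, 192.168.4.0/24 and 192.168.5.0/24 and both ACL names are assumptions, since the thread does not give the VLAN addressing. An ACL on Vlan3 is included because inbound ACLs on Vlan4 and Vlan5 alone still let packets from VLAN 3 be routed towards VLAN 4/5 (only the replies are dropped).

```cisco
! Assumed addressing (not given in the thread):
!   VLAN 3 = 192.168.3.0/24
!   VLAN 4 = 192.168.4.0/24
!   VLAN 5 = 192.168.5.0/24
!
! Direction 1: drop traffic sourced in VLAN 4/5 and addressed to VLAN 3.
ip access-list extended BLOCK-TO-VLAN3
 remark VLAN 4 and 5 must not reach VLAN 3
 deny   ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
 deny   ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
 ! Without this line the implicit "deny any" at the end of every ACL
 ! would also cut VLAN 4/5 off from VLAN 2 and everything else.
 permit ip any any
!
! Direction 2: drop traffic sourced in VLAN 3 and addressed to VLAN 4/5.
ip access-list extended BLOCK-FROM-VLAN3
 remark VLAN 3 must not reach VLAN 4 or 5
 deny   ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
 deny   ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
 permit ip any any
!
! Apply each ACL inbound on the SVI of the VLAN the traffic comes from,
! so packets are dropped before they are routed.
interface Vlan4
 ip access-group BLOCK-TO-VLAN3 in
!
interface Vlan5
 ip access-group BLOCK-TO-VLAN3 in
!
interface Vlan3
 ip access-group BLOCK-FROM-VLAN3 in
!
! Check what is configured and where it is bound:
!   show ip access-lists
!   show ip interface Vlan3
!   show ip interface Vlan4
!   show ip interface Vlan5
```

These ACLs only filter traffic routed between the SVIs; hosts inside the same VLAN still reach each other, and VLAN 2 is unaffected.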