Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me

TOPIC: IOS Firewall With VLANs

IOS Firewall With VLANs 11 years 3 weeks ago #24902

can anyone give me some advice on how to use a 2651 as a firewall to be able to filter on 3 different VLANs coming in on one interface and going out on the other.

In other words I want to bridge for example VLAN10 on fa0/0.10 to VLAN10 on fa0/1.10 and do some filtering in between. I want to bridge a VLAN with the same VLAN, not route between VLANs.

Do I do this as normal but with a seperate bridge per VLAN sub-interface?

Re: IOS Firewall With VLANs 11 years 3 weeks ago #24913

I'm not 100% sure what your asking for?

Vlans are layer 2 constructs. everything on each VLAN is going to be in one subnet. Are you looking to break down the communication at a layer 2 level? You really can't (as far as I know) everything on the vlan acts as if its on the same physical lan.

Maybe i'm not understanding though.

Re: IOS Firewall With VLANs 11 years 3 weeks ago #24944

I'd like to keep them all as if they are on a seperate physical lan.

I'd like the router to receive traffic on each vlan, apply ACLs to it and then pass it out again the other side (for traffic that the ACLs permit of course), independently for each vlan.

So I want the router to perform firewall functions on each vlan but not route traffic between the vlans

Re: IOS Firewall With VLANs 11 years 3 weeks ago #24945

In basic terms a firewall is just a router that applies rules to decide whether it should forward something or not. By definition you can't really deploy an IP firewall unless the two networks at its input and output are different IP networks. I'm not sure therefore how you envisage this working or fully grasp what you mean when you say you want to apply firewalling between VLANs but you don't want to route. I think what you are saying is that you want to selectively route (or deny) based on some sort of set of rules. If so, you can do so using ACLs but it will be messy and might not allow fine enough control for your needs. But you'll have to have each VLAN configured as a different IP network to do so

Re: IOS Firewall With VLANs 11 years 3 weeks ago #24952

Yes, I believe you should be able to configure your VLANs, assign them to different subnets, and apply ACLs to permit/deny traffic.

I'm not sure I fully understand what you are after though.

Re: IOS Firewall With VLANs 11 years 2 weeks ago #24964

Just get a switch that you can create VLANS on, create your vlans, assign ports to your vlans. Get a router with at least two ports, put each port of the router in each vlan. Create your acls on the router.

This will make it easy for you. No trunking at all.
Time to create page: 0.115 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup