TOPIC: VLAN traffic blocking from and to other VLANS Cisco

VLAN traffic blocking from and to other VLANS Cisco 6 years 9 months ago #33559

  • dxmen
I have 4 VLANs on a Cisco 4500 L3 switch
VLAN 2
VLAN 3
VLAN 4
VLAN 5
I want to block in / out traffic from VLAN 4 & 5 to VLAN 3. Any suggestions? Thanks.

Re: VLAN traffic blocking from and to other VLANS Cisco 6 years 9 months ago #33562

  • ZiPPy
Just curious about your switch...

Which 4500 series are you using?
Which Supervisor card?
What other cards do you have installed?


Cheers,

ZiPPy

Re: VLAN traffic blocking from and to other VLANS Cisco 6 years 9 months ago #33569

  • dxmen
I'm using a 4506-E with a Supervisor V 1000Base & 24 10/100/1000 port card

Re: VLAN traffic blocking from and to other VLANS Cisco 6 years 9 months ago #33575

  • FlipRich
I'm not too familiar with that model switch, but have you tried just setting up extended ACLs?
Rich
Network Engineer /CCNP, CCNA-S
Tallahassee, FL

Re: VLAN traffic blocking from and to other VLANS Cisco 6 years 9 months ago #33577

  • dxmen
No, I have not, Richard. I need suggestions on what would be the best option to complete this task. I'm starting to know my way around Cisco IOS. I will appreciate any help, thanks.

Re: VLAN traffic blocking from and to other VLANS Cisco 6 years 9 months ago #33578

  • S0lo
I assume here that the L3 switch is doing routing.

I have not worked on the 4500. But generally, as FlipRich said, an extended access list will do well. Say, for example, you have VLAN1 as 192.168.1.x and VLAN2 as 192.168.2.x. To block traffic from VLAN1 to VLAN2 you would first define an ACL:

[code:1]access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip any any[/code:1]

This defines it but doesn't apply it. Now we will apply it on the Vlan1 interface:

[code:1]interface Vlan1
ip access-group 100 in[/code:1]

This will stop the traffic as soon as it enters the Vlan1 interface, so there is no overhead of routing occurring. The ACL can be defined in other ways; this is one way.

Tell us if you need further help.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx