Restricting traffic between two VLANs

Discussion in 'Cisco' started by RichW, Feb 28, 2009.

  1. RichW

    I am configuring a Cisco 2811 with two Fast Ethernet interfaces. One goes to my ISP. The other is configured to support three VLANs. My understanding (possibly wrong) is that routes between any two VLANs are enabled automatically.

    VLAN 1 serves most of the nodes in my network with private addresses 192.168.0.0/23 and uses a NAT pool to get to the Internet

    VLAN 2 is my DMZ which uses my public IP assignment (half a class C)

    VLAN 3 is a replacement for an existing DSL service and uses private addresses 10.0.0.0/26 and uses the same NAT pool to get to the Internet.

    I want to prohibit traffic between VLAN 1 and VLAN 3 but permit both of them to access VLAN 2 and the Internet.

    Pardon me if this is a simple question but I am new to IOS and couldn't find the solution in my reference books.
    RichW, Feb 28, 2009

  2. donjohnston

    You didn't specify which interface connects to the switch and which connects to the internet. This example assumes f0/0 connects to the switch.

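    conf t
    ! ACL 1: drop packets sourced from VLAN 3 (10.0.0.0/26 = wildcard 0.0.0.63)
    access-list 1 deny 10.0.0.0 0.0.0.63
    access-list 1 permit any
    ! ACL 2: drop packets sourced from VLAN 1 (192.168.0.0/23 = wildcard 0.0.1.255)
    access-list 2 deny 192.168.0.0 0.0.1.255
    access-list 2 permit any
    ! sub interface to VLAN1: filter traffic the router sends out toward VLAN 1
    int f0/0.1
     ip access-group 1 out
    ! sub interface to VLAN3: filter traffic the router sends out toward VLAN 3
    int f0/0.3
     ip access-group 2 out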
    donjohnston, Mar 1, 2009
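
A standard ACL matches on source address only, and a wildcard mask that is one bit too narrow leaves part of a subnet permitted. The following is an added example, not part of the original posts: it evaluates standard ACL entries against the two private subnets named in this thread and lists the source addresses that would still get through. The ACL text is constructed sample input, ACL number 3 is hypothetical, and the function names are this example's own.

```python
import ipaddress

# Constructed sample input. ACL 1 uses a wildcard one bit too narrow for a /26;
# ACL 3 (hypothetical number) uses the /26 hostmask; ACL 2 covers the /23.
SAMPLE = """\
access-list 1 deny 10.0.0.0 0.0.0.31
access-list 1 permit any
access-list 2 deny 192.168.0.0 0.0.1.255
access-list 2 permit any
access-list 3 deny 10.0.0.0 0.0.0.63
access-list 3 permit any
"""

def parse_acl(text):
    """Parse standard 'access-list N permit|deny SRC [WILDCARD]' lines."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        if tok[3] == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(tok[3]))
            # A bare host address has no wildcard: every bit must match.
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        acls.setdefault(tok[1], []).append((tok[2], addr, wild))
    return acls

def decide(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(source))
    for action, addr, wild in entries:
        care = 0xFFFFFFFF ^ wild  # bits that must match (wildcard 1-bits are ignored)
        if (ip & care) == (addr & care):
            return action
    return "deny"

def leaked_sources(entries, subnet):
    """Addresses inside `subnet` that the ACL would still permit."""
    return [str(a) for a in ipaddress.ip_network(subnet) if decide(entries, a) == "permit"]

def expected_wildcard(subnet):
    """Wildcard mask that covers the whole subnet (its hostmask)."""
    return str(ipaddress.ip_network(subnet).hostmask)

if __name__ == "__main__":
    acls = parse_acl(SAMPLE)
    for num, subnet in (("1", "10.0.0.0/26"), ("3", "10.0.0.0/26"), ("2", "192.168.0.0/23")):
        leaks = leaked_sources(acls[num], subnet)
        span = f"{leaks[0]}-{leaks[-1]}" if leaks else "none"
        print(f"ACL {num} vs {subnet}: wildcard should be {expected_wildcard(subnet)}, "
              f"{len(leaks)} source addresses still permitted ({span})")
```

Running the same check against the output of show access-lists before applying an access-group catches mask mistakes while they are still only text.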

  3. RichW

    Thanks for the great info, Don.

    The VLAN interface is actually f0/1, but I get the concept now. Your reply was EXTREMELY helpful!

    RichW
    RichW, Mar 1, 2009
