Hi,

I need to be pointed in the right direction, as I'm both a newbie to Cisco and I've found myself stuck in what seems to be a simple problem.

I've successfully set up a Cisco 3550 with EMI software. The switch is up and running and is currently only using 2 ports. One port acts as an "uplink" port to the corporate network. All of our network resources are in the IP range of e.g. 10.32.0.0 (except Internet, of course); there's a default route in the 3550 for that.

Now... I'm adding other network resources to the switch, and for each resource that physically connects to the switch, I create a VLAN for it and do all the routing. So far, so good...

When I connect an extra network resource to the switch, i.e. a router, I'm able to ping resources on other ports/VLANs.

Example:

Port 1 -> Connected to a router with a VLAN that it's a member of (VLAN100)
Port 2 -> Connected to a router with a VLAN that it's a member of (VLAN101)

Resources on port 1 can ping/connect to resources on port 2. They are not members of the same VLAN, and they're in separate subnets.

Let's say that my network on Port 1 is 10.1.1.0 and Port 2 is 10.1.2.0. I don't want these to be able to communicate with each other. These networks are only allowed to access hosts on the corporate network through port 24 (uplink) and only to access the 10.32.0.0 network. (There is a 10.33.0.0 for DMZ, although not relevant here.)

This is a simple problem for someone that knows how to do it... Any pointers in the right direction, as well as hints, are much appreciated.

Best Regards,
Nick