[c-nsp] Restricted specific VLAN contacting other VLANs in catalyst 3750 switch
Garrett
garrett at skjelstad.org
Mon Sep 26 22:33:36 EDT 2022
Isn't this what PVLANs are for?
On Mon, Sep 26, 2022, at 19:23, trgapp16 via cisco-nsp wrote:
> Hello,
>
> We use a Cisco Catalyst 3750 switch as a small data center (DC)/core
> switch on which nearly 200 VLANs sit, with internet connectivity
> through an ADSL modem/router.
>
> SVIs/RVIs are defined for all 200 VLANs on the same DC/core switch.
>
> We have the following requirement:
>
> VLANs 1-190: should communicate among themselves and with the internet.
>
> VLAN 191 (network address 192.168.1.0/28): should not communicate
> with any other VLAN, only with the internet.
>
> To meet this requirement we used the following VACL configuration:
>
> SW(config)#access-list 100 permit ip 192.168.1.0 0.0.0.15 any
> SW(config)#vlan access-map XYZ 10
> SW(config-access-map)#match ip address 100
> SW(config-access-map)#action drop
> SW(config-access-map)#vlan access-map XYZ 20
> SW(config-access-map)#action forward
> SW(config-access-map)#exit
> SW(config)#vlan filter XYZ vlan-list 1-190
>
> By doing this, VLANs 1-190 are not able to contact VLAN 191, but they can
> reach the internet and each other (VLANs 1-190).
>
> Hosts in VLAN 191 are not able to contact hosts in VLANs 1-190 (this
> is also fine), but hosts in VLAN 191 can still contact the SVIs/gateways
> of VLANs 1-190.
>
> Is there anything wrong in my VACL configuration or in the sequence of the ACLs?
>
> Any help is greatly appreciated.
>
> Thanks in advance
>
> Mounika M
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
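Traffic from a VLAN 191 host to the SVI address of another VLAN is routed by the switch and consumed by the switch itself, so it is never bridged into VLANs 1-190 and the VACL filtering those VLANs never sees it; an inbound routed ACL on interface Vlan191 is evaluated for exactly that traffic. Below is an added example of that approach, not a configuration from the thread; it assumes 192.168.1.1 is the VLAN 191 SVI and that VLANs 1-190 use RFC 1918 address space (adjust the deny lines to the real address plan).

```cisco
! Added example (not from the thread). Assumptions: 192.168.1.1 is the
! VLAN 191 SVI; VLANs 1-190 and their SVIs live in RFC 1918 space.
ip access-list extended VLAN191-IN
 remark Let VLAN 191 hosts reach their own gateway address
 permit ip 192.168.1.0 0.0.0.15 host 192.168.1.1
 remark Keep DHCP working if this switch serves or relays DHCP for VLAN 191
 permit udp any eq bootpc any eq bootps
 remark Block VLAN 191 from all private address space. This covers the subnets
 remark AND the SVI addresses of VLANs 1-190, because an inbound RACL is also
 remark evaluated for packets addressed to the switch itself.
 deny   ip 192.168.1.0 0.0.0.15 10.0.0.0 0.255.255.255
 deny   ip 192.168.1.0 0.0.0.15 172.16.0.0 0.15.255.255
 deny   ip 192.168.1.0 0.0.0.15 192.168.0.0 0.0.255.255
 remark Everything else sourced from VLAN 191 (internet-bound) is allowed
 permit ip 192.168.1.0 0.0.0.15 any
 deny   ip any any
!
interface Vlan191
 ip address 192.168.1.1 255.255.255.240
 ip access-group VLAN191-IN in
!
! Check: from a VLAN 191 host, ping the SVI of one of VLANs 1-190; it should
! fail, and "show ip access-lists VLAN191-IN" should show the deny counters
! increasing while internet-bound traffic still matches the final permit.
```

With this in place the VACL on VLANs 1-190 becomes a second layer rather than the only control, and the rule that protects the SVIs lives on the VLAN whose traffic it restricts.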