Cisco Systems isolate vlans from each other

Subject Author Date
isolate vlans from each other tg 07-11-09
Posted by tg on July 11, 2009, 7:50 am
cisco 2651XM router
IOS: c2600-adventerprisek9-mz.124-15.T8.bin

I have a vlan1 on 172.16.0.x and a vlan192 on 192.168.0.x. Both vlans are
routed through Dialer0 so they can surf the internet. At the moment both
these vlans can ping each other. I want to isolate vlan1 and vlan192 from
each other so neither network can ping the other but I still want them both
to access the internet. How can I do this? Here is a small section of my
current config. Thanks for any advice.

interface Vlan1
 ip address 172.16.1.30 255.255.0.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan192
 ip address 192.168.0.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer0
 ip nat outside

<snip>

ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer0 overload
!
access-list 1 permit 172.16.0.0 0.0.255.255
access-list 2 permit 192.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit








Posted by bod43 on July 11, 2009, 11:37 pm

Just a nit-pick, your 172 VLAN is 172.16.x.x.
"I have a vlan1 on 172.16.0.x and a vlan192 on 192.168.0.x."

conf t

ip access-list e ACL.172.in
deny 172.16.0.0 0.0.255.255 192.168.0.0 0.0.0.255
permit ip any any

ip access-l e ACL.192.in
deny 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255
permit ip any iny

interface Vlan1
ip access-group ACL.172.in in

int vl 192
ip access-group ACL.192.in in

end

! Once you are happy with the changes, save them
copy run start

Your problem description and question was by the way
exemplary. Perfectly expressed - in my view.

sh ip access-l  ! To see what you actually have.

Good luck.

Posted by bod43 on July 11, 2009, 11:41 pm

Sorry a few typos. Did not try it on a router.

conf t

ip access-list e ACL.172.in
deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.0.255
permit ip any any

ip access-l e ACL.192.in
deny ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255
permit ip any any

interface Vlan1
ip access-group ACL.172.in in

int vl 192
ip access-group ACL.192.in in

end

! Once you are happy with the changes, save them
copy run start

sh ip access-l  ! To see what you actually have.
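
An added example, not part of the original thread: a small Python model of first-match ACL evaluation with wildcard masks, run over the two ACLs from the corrected post above. The host addresses used to exercise it are constructed, and only `ip` entries are modelled.

```python
import ipaddress

# The two ACLs exactly as given in the corrected post.
ACLS = {
    "ACL.172.in": [
        "deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.0.255",
        "permit ip any any",
    ],
    "ACL.192.in": [
        "deny ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255",
        "permit ip any any",
    ],
}

def _take(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return int(ipaddress.IPv4Address(first)), wildcard

def parse_ace(line):
    """Split one entry into (action, source spec, destination spec)."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if proto != "ip":
        raise ValueError("only 'ip' entries are modelled: " + line)
    return action, _take(tokens), _take(tokens)

def _match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a 1 bit in the wildcard means "ignore"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(acl_lines, src, dst):
    """First matching entry wins; no match falls through to implicit deny."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed hosts: one per VLAN, plus a documentation-range address.
    print(evaluate(ACLS["ACL.172.in"], "172.16.5.9", "192.168.0.20"))
    print(evaluate(ACLS["ACL.172.in"], "172.16.5.9", "203.0.113.7"))
```

Because the deny entry covers all of 192.168.0.0/24, hosts on Vlan1 also lose access to the router's own 192.168.0.10 address, and the reverse holds for 172.16.1.30 from Vlan192.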

Posted by tg on July 12, 2009, 6:04 am


ok bod thanks very much for your feedback.


