1. Home
  2. Ethernet LAN
  3. Confused by VLAN...

Confused by VLAN...

Hi

I have four devices, that I need to segregate..A,B,C,D

Will this work::

VLAN 1 A+B

VLAN 2 B+C

VLAN 3 C+D

What I don't want is:

Data from A,B to go to D Data from C to go to A

Help.. Thanks

Reply to
jerryyang_la1
Loading thread data ...

Insted of setting up a bunch of VLANS for only 4 devices, try writing an ACL table restricting the IP's of those devices OR you could setup the VLANS and just segregate the Subnets you want through your ACL. Either way I think your going to have to write an ACL for your setup.

Hope you figure it out.

Chris.

Reply to
Synth42

No. VLANs as do R(eal)LANs separate their members, which can happily communicate, from the rest. Imposing policies on hosts has nothing to do with LANs.

Reply to
Manfred Kwiatkowski

ACL ???

Reply to
jerryyang_la1

Evening Manfred,

Your statement I understand and totally agree with, however the way I read Jerry's orig post was that he wanted to segregate those VLAN's, but then also grant and then restrict access to VLAN's which made me think of writing an ACL table. If I read it wrong I'm sorry, but that's the way it seemed he wanted it to do. Do you have any solutions?

Reply to
Synth42

Sorry Jerry, An ACL stands for Access Control List. It's a table that has a list of instructions setup to allow or disallow protocols, subnets, hosts, servers, etc. to talk with each other. It sits on your router and acts as the police of the network.

Chris.

Reply to
Synth42

as each vlan is its own network just put each host into the apropriate networks and remeber to turn of bridgeing

ie a is in vlan 1 b is in vlan 1 and 2 c is in vlan 2 and 3 d is in vlan 3

Reply to
developers

Can you (for instance) assign VLANs by MAC address, and then allow multiple VLANs to talk to the Internet router on a single port?

Are there any good tutorials out there on VLANs? I'm pretty sure I want to set them up in some new construction I'm wiring up, but I don't want to learn the limitations of VLANs _after_ spending thousands of dollars on the hardware I think will work...

Essentially we want to be able to allow only certain machines (by MAC address and/or switch port number) to be on the Private LAN, and let everyone else be on the Public VLAN, and only have internet access.

Thanks!

Reply to
William P.N. Smith

VLANS by mac address

Ill have to look at my cisco books - and get back to you it ringn a faint bell youd have to use VMPS or similar to dynamicly asign ports to Vlans

The Todd Lamele CCNA book gives a basic introduction to VLANS

Your right you use a router (with subinterfaces) to say which host can cross vlans and go out to the internet - though thats ACL's teritory

Reply to
developers

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.