1. Home
  2. Cisco Systems
  3. Set 6500 not to route certain VLANs

Set 6500 not to route certain VLANs

Hello all,

I had a quick question about a Cisco 6500 router... is it possible to set the supervisor module to not route between certain VLANs configured on the router? For example, I have the 6500 router on the inside interface of a Cisco ASA that terminates VPN connections. When a user connects to the ASA via VPN he/she gets assigned an ip address and gets forwarded on to the router. The router then uses ACLs to allow the users to certain subnets on the back side of the router. This is in a lab environment where many test beds reside, each test bed having it's own subnet or subnets and each subnet belonging to a VLAN on the 6500. Some of the test beds have multiple subnets that are separated by firewalls and routers for testing purposes. These are cases when I do not want the 6500 to route between VLANs, I want the firewalls and routers being tested to route the traffic. However, I still want the subnets connected to the 6500 so users who VPN to the test bed can have access.

Hopefully this made sense... does anyone know if this is possible?

Reply to
Bryan
Loading thread data ...

vrf may suit you.

This creates multiple virtual routers inside one router. I understand that they can be completely independent.

You could always use more ACLs?

Reply to
Bod43

I'm not completely certain I am clear on the situation but during the times you do not want the 6500 to route, couldn't you simply shut that vlan interface down on the router within the 6500? This would disable all routing at that level and would leave this dependant on any other routers attached to the vlan to take care of the routing. The vlan itself would remain up, but the interface routing it would be down.

Also, if you're using dynamic routing protocols, and not static routing, you could change the bandwidth values to make it a less desirable route than any other routers on the VLAN.

What OS are you running on the 6500, CatOS or IOS? Are you using multilayer or just simply running it as a switch and router in the same chasis?

Would you be able to provide more information such as more detailed topology, specific times when you would not want it to route as well as when you would, etc?

Ryan

Reply to
rdymek

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.