Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

5406zl routing, vrrp and vlans, security

SOLVED
Go to solution
Kenneth Østrup
Occasional Advisor

5406zl routing, vrrp and vlans, security

Hi,

I'm trying to configure a set of 5406zl with routing (vrrp) between vlans.

I've got 3 vlans.

The first two vlans are assigned to each a group of users.

These users needs to connect
to a server on the third vlan.

Is there any way to prevent each vlan from communicating through the routers?

I can't seem to find any documentation on this.

Thanks.
Kenneth
5 REPLIES
Kenneth Østrup
Occasional Advisor

Re: 5406zl routing, vrrp and vlans, security

> Is there any way to prevent each vlan from communicating through the routers?

I mean, is there any way to prevent the two vlans from communicating with each other through the routers? I still want them to reach the server on the third vlan.
EckerA
Respected Contributor
Solution

Re: 5406zl routing, vrrp and vlans, security

you can achieve this with ACLs. How to set this up you can find in the manuals.
hth
alex
Kenneth Østrup
Occasional Advisor

Re: 5406zl routing, vrrp and vlans, security

Alex,

Is using ACLs the only way of achieving this?

Thanks.
Kenneth
Pieter 't Hart
Honored Contributor

Re: 5406zl routing, vrrp and vlans, security

Hi there Kenneth,

your question: Is there any way to prevent each vlan from communicating through the routers?
answer: no, all traffic will pass the router.


- When creating vlans, you have got "separate" networks that cannot communicate with eachother.
- Then you configure a router with an interface in each vlan to make communication possible between the vlan's.

NB! normally each vlan has it's own ip-subnet. A router is needed to communicate between subnets (not vlan's).
So all traffic between those vlans wanted or unwanted must pass the router.
Traffic is filtered by defining an ACL.

Alternatively you can give the server a separate interface in each vlan and not configure routing between the vlan's?
Kenneth Østrup
Occasional Advisor

Re: 5406zl routing, vrrp and vlans, security

Thank you Pieter,

I will try to come up with a solution to my problem, using access lists.