Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN isolation and IP routing

Alessandro Baldoni
Occasional Contributor

VLAN isolation and IP routing

In one of our remote offices we have a 2650 with IP ROUTING and the following VLAN defined:

vlan 1
name "DEFAULT_VLAN"
untagged 49
ip address 192.168.1.30 255.255.255.0
exit
vlan 2
name "Foo"
untagged 1-44,50
ip address 192.168.4.33 255.255.255.0
exit
vlan 4
name "Bar"
untagged 45-48
ip address 192.168.254.32 255.255.255.0
exit

No default route is defined.
With this configuration, everyone on each one of the VLANs with the appropriate IP as gateway (i.e. 192.168.4.33) can reach every other VLAN.
Is there any way to isolate VLAN 1 from the other VLANs?
3 REPLIES
EckerA
Respected Contributor

Re: VLAN isolation and IP routing

Hi,
if vlan1 only needs to communicate with vlan1 just remove the ip address of vlan 1.
the other possibility is to use ACL's, but i don't think the 2650 switch does support ACL's.

hth
alex

cenk sasmaztin
Honored Contributor

Re: VLAN isolation and IP routing

you can write

config#managemet-vlan 1


commad on switch

vlan 1 isolate all other vlan
cenk

cenk sasmaztin
Honored Contributor

Re: VLAN isolation and IP routing

or

you can use filter port config

swtest(config)# filter source-port 1-48,50 drop 49


ports 1-48 and 50 not connected with int 49
cenk