isn't this what pvlans are for?
On Mon, Sep 26, 2022, at 19:23, trgapp16 via cisco-nsp wrote:
> Hello,
>
> We use Cisco Catalyst 3750 switch as small data center (DC)/Core
> Switch on which nearly 200 VLANs sit, having internet connectivity
> through an ADSL modem/router.
>
> SVI/RVIs are defined for all these 200 VLANs on the same DC/Core Switch.
>
> We have the following requirement:
>
> VLAN 1 - 190: should communicate among themselves and to internet
>
> VLAN 191: having network address 192.168.1.0/28 should not communicate
> with any other VLAN except internet
>
> To meet this requirement we used the following VACL configuration
>
> SW(config)#access-list 100 permit ip 192.168.1.0 0.0.0.15 any
>
> SW(config)#vlan access-group XYZ 10
>
> SW(config-access-map)#match ip address 100
>
> SW(config-access-map)#action drop
>
> SW(config-access-map)#vlan access-group XYZ 20
>
> SW(config)#vlan filter XYZ vlan-list 1-190
>
> By doing this VLAN 1-190 are not able to contact VLAN 191, but to
> internet and among themselves (VLAN 1-190).
>
> Hosts in VLAN 191 are not able to contact the hosts in 1-190 VLANs (this
> is also fine), but hosts in VLAN 191 are contacting the SVI/Gateways of
> 1-190 VLANs.
>
> Is there anything wrong in my VACL configuration or sequence of ACLs?
>
> Any help is greatly appreciated.
>
> Thanks in advance
>
> Mounika M
>
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
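
Added example, not part of the thread and not written by either poster: a simplified Python model of which VLAN maps get to inspect a packet, showing why the posted filter on `vlan-list 1-190` stops VLAN 191 hosts from reaching hosts in other VLANs but not the SVIs of those VLANs. A packet addressed to an SVI is received in VLAN 191 and terminates on the switch, so it never enters a filtered VLAN. The 10.0.0.0/8 addressing, VLAN 10, the host addresses and the filter on VLAN 191 itself are constructed assumptions; the thread gives only 192.168.1.0/28 for VLAN 191.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the thread gives only VLAN 191 = 192.168.1.0/28.
SUBNETS = {10: ip_network("10.0.10.0/24"), 191: ip_network("192.168.1.0/28")}
SVIS = {10: ip_address("10.0.10.1"), 191: ip_address("192.168.1.1")}
ISOLATED = SUBNETS[191]
INTERNAL = ip_network("10.0.0.0/8")  # assumed range covering VLANs 1-190

def vlans_traversed(src, dst):
    """VLANs whose VLAN map gets to inspect the packet (simplified model)."""
    ingress = next(v for v, net in SUBNETS.items() if src in net)
    if dst in SVIS.values():
        return [ingress]  # addressed to the switch itself: never enters another VLAN
    egress = next((v for v, net in SUBNETS.items() if dst in net), None)
    # Assumption: the uplink toward the modem is outside every filtered VLAN.
    return [ingress] if egress in (None, ingress) else [ingress, egress]

def delivered(src, dst, maps):
    """maps is {vlan: rule}; every traversed VLAN with a map must forward the packet."""
    s, d = ip_address(src), ip_address(dst)
    return all(maps[v](s, d) for v in vlans_traversed(s, d) if v in maps)

def map_xyz(s, d):
    """Map XYZ as posted: seq 10 drops what ACL 100 matches, seq 20 forwards the rest."""
    return s not in ISOLATED

def map_on_191(s, d):
    """Hypothetical filter on VLAN 191 itself: drop internal destinations only."""
    return not (s in ISOLATED and d in INTERNAL)

POSTED = {v: map_xyz for v in range(1, 191)}  # vlan filter XYZ vlan-list 1-190
WITH_191 = {**POSTED, 191: map_on_191}

if __name__ == "__main__":
    for name, maps in (("posted", POSTED), ("with VLAN 191 filter", WITH_191)):
        for dst in ("10.0.10.20", "10.0.10.1", "192.168.1.1", "203.0.113.10"):
            ok = delivered("192.168.1.5", dst, maps)
            print(f"{name:22} 192.168.1.5 -> {dst:13} delivered={ok}")
```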
