7 Replies Latest reply on Nov 7, 2013 8:24 AM by levi

    NetVanta 1534 - Blocking InterVLAN Traffic

    xucraig New Member

      Good morning,

       

      I've just introduced a NetVanta 1534 into my network and moved all of my VLANs off of my 3448 onto the 1534.  My 1534 is running R10.7.0.  VLAN is used for management, while my primary VLAN for our office is VLAN 10.  We have a number of other VLANs.  Right now, gigabit-switchports 1-23 are set up with switchport access vlan 10, while 24 (to the 3448) is set up with switchport access vlan 1. Ports 25 and 26 are set up with switchport trunk native vlan 10 as those two ports are used for connectivity to my other two switches (Dell 2824).

       

      My primary goal is preventing all of the VLANs from being able to communicate with vlan 10.  On the 3448, I just created firewall rules to do this and it worked great, but we need better performance (gigabit) in between some VLANs, hence the installation of the 1534.

       

      I tried creating ACLs, but that didn't work.  I also found this doc referencing ip access-group, but I've tried applying it to both vlan interfaces and switchport interfaces and it comes back as unrecognized.  I also found this thread referencing the same command, but it's a year old.  Has the command been deprecated in newer revisions, or am I missing something?

       

      I'd appreciate any help you can offer. Please let me know if you need any additional information.

       

      thanks

      craig

        • Re: NetVanta 1534 - Blocking InterVLAN Traffic
          jayh Hall_of_Fame

          If you want to completely disable inter-VLAN routing, you can enter the command no ip routing and configure an IP address only on your management VLAN interface.  Use ip default-gateway w.x.y.z to route management traffic instead of ip route 0.0.0.0 0.0.0.0 w.x.y.z.


          If you need IP routing on this switch for other purposes, just don't put an IP address on the VLAN 10 interface.  For that matter you don't need interface vlan 10 at all.

           

          ACLs should also work, or you could put VLAN 10 into a different VRF but that's getting kind of extreme.

          1 of 1 people found this helpful
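
An added example, not part of the thread and not ADTRAN's own tooling: a small Python check over a saved running-config that lists which VLANs the switch would still route to or from a protected VLAN, following the two options in the reply above (no ip routing, or no IP address on the VLAN 10 interface). The sample config and its addresses are constructed; the Cisco-style line forms it parses (ip routing, interface vlan N, ip address, shutdown) and treating routing as off unless an ip routing line is present are assumptions about the saved output.

```python
import re

# Constructed sample running-config (not from the thread); addresses are made up.
SAMPLE_CONFIG = """\
ip routing
!
interface vlan 1
  ip address 192.0.2.2 255.255.255.0
!
interface vlan 10
  ip address 10.0.10.1 255.255.255.0
!
interface vlan 20
  ip address 10.0.20.1 255.255.255.0
!
interface vlan 30
  ip address 10.0.30.1 255.255.255.0
  shutdown
"""

def routed_vlans(config):
    """Return (routing_enabled, sorted VLAN IDs whose interface is a live L3 gateway)."""
    routing = False          # assumption: routing is off unless the config says "ip routing"
    vlans = {}               # vlan id -> {"ip": has address, "up": not shut down}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith((" ", "\t")):   # a top-level line ends any interface block
            current = None
            if line in ("ip routing", "no ip routing"):
                routing = (line == "ip routing")
            m = re.fullmatch(r"interface vlan (\d+)", line, re.I)
            if m:
                current = int(m.group(1))
                vlans[current] = {"ip": False, "up": True}
        elif current is not None:
            if re.match(r"ip address \d", line):
                vlans[current]["ip"] = True
            elif line == "shutdown":
                vlans[current]["up"] = False
    live = sorted(v for v, s in vlans.items() if s["ip"] and s["up"])
    return routing, live

def reachable_from(config, protected_vlan):
    """VLANs the switch would route to or from protected_vlan, ignoring any ACLs."""
    routing, live = routed_vlans(config)
    if not routing or protected_vlan not in live:
        return []
    return [v for v in live if v != protected_vlan]
```

An empty list from reachable_from(config, 10) means the switch itself is not a layer-3 path into VLAN 10; it says nothing about routing done by other devices such as the 3448.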
          • Re: NetVanta 1534 - Blocking InterVLAN Traffic
            levi Employee

            xucraig:

             

            I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

             

            Thanks,

            Levi