Wired Intelligent Edge

Hi experts,

I have an scenario where I am going to create many VLANs in a 3810 core switch and spread them out with 2930 access switches. If I want to have full interVLAN routing I would enable routing in the core switch with the "ip routing" command. But if I don't want to have full interVLAN routing but partial interVLAN routing, let's say, I want to have communication only between VLANs 10,20 and 30, but not between those VLANs and VLANs 40 and 50, how can I achieve this? I need to use ACLs?

Regards,

Julián

Hi Tim,

There are two things:

1. I think there will be some servers connected to the core switch in a different VLAN than the users, and I need communication between the users and these servers.

2. If I do the interVLAN routing in the access switches and I have an access switch with VLANs 10, 20, 30, 40 and 50 and users in all these VLANs, and I only want communication between VLANs 10, 20 and 30 but not between those VLANs and VLANs 40 and 50, how can I achieve this?

Regards,

Julián

ACL's are definetly the way to go make this happen. They give you some control over which traffic is allowed to be routed throughout your VLAN's. However, it might be worth it to look into a small-business firewall solution. This gives you much more control, and allows you to keep your traffic flows manageable as your network grows and becomes more complex over time. 

Hi MartijnNoij,

Thanks for the confirmation and your recommendation!

Regards,

Julián