I am trying to set up multiple VLANs on Cisco 3500, route them via FreeBSD machine with DHCP server on it out to the Internet. My primary goal(s) are:
1) to assign a correct IP to an appropriate VLAN (based on the Cisco's port), and
2) disable interVLAN routing (i.e., users from different VLANs shouldn't be able to see each other).
Although I have succeeded with goal#1, my Cisco/BSD tandem still routes packet forth and back. I can block that by using an ACL, of course, but I've read that it can be achieved without one.
My Cisco trunk is configured as follows:
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-12
switchport mode trunk
spanning-tree portfast
no cdp enable
Any idea what can be modified to block interVLAN traffic?
Thanks,
M.S.
1) to assign a correct IP to an appropriate VLAN (based on the Cisco's port), and
2) disable interVLAN routing (i.e., users from different VLANs shouldn't be able to see each other).
Although I have succeeded with goal#1, my Cisco/BSD tandem still routes packet forth and back. I can block that by using an ACL, of course, but I've read that it can be achieved without one.
My Cisco trunk is configured as follows:
interface FastEthernet0/6
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-12
switchport mode trunk
spanning-tree portfast
no cdp enable
Any idea what can be modified to block interVLAN traffic?
Thanks,
M.S.
