
Summit 48si Port Based Vlan Configuration

Status
Not open for further replies.

SmurfTurf

Programmer
Jun 9, 2006
I have three Summit 48si switches for a company that I recently started working with. The tech that originally set up the switches set all of the VLANs with the protocol of all unconfigured protocols. I have noticed that I am able to ping and sometimes print to other printers in other VLANs. Should I change the VLAN protocol to IP? What are the optional items next to ports, i.e. loopback?
 
Setting up the VLANs for all unconfigured protocols is the default. Unless you have a specific reason, it's probably best to leave it.

I have noticed that I am able to ping and sometimes print to other printers in other VLANs.

This has nothing to do with your switch, that is a routing function.

You don't really say if you're supposed to be able to access the other VLANs or not.

Need more info.
What type of Layer3 device are you using for routing?



MCSE CCNA CCDA
 
It does sound like there are no protocols or policies configured, and the VLANs are accessible through simple routing. The Summit 48si is a layer 3 switch; it may be passing the traffic itself if it's set as the gateway for your hosts.
 
What protocols or policies should I configure to get it to protect my clients from other clients on another VLAN?
 
You'll need to create an ACL.

For example, if you want to prohibit traffic from the 10.1.1.0/24 network to the 10.2.2.0/24 network:

create access-list denyall ip dest 10.2.2.0/24 source 10.1.1.0/24 deny ports any



MCSE CCNA CCDA
 
dearingkr,
Thanks for the help I really appreciate it. If I ran the command
create access-list denyall ip dest 10.0.101.0/24 source 0.0.0.0/0 deny ports any
I assume that would deny all traffic to the VLAN, but I assume that the computers inside the 10.0.101.0/24 network would still be able to get out. Is my logic correct? The reason I am asking is that I currently run three of these switches and have about 50 VLANs that shouldn't have traffic between them. Only two VLANs are public.
 
Yes, you are correct.

However, doing it that way is a bit heavy-handed and could have unintended consequences.

For example:
If anyone has an email server or a web server, this will kill it.
If anyone is depending on any kind of remote access solution (including you, for support)...

Be very careful, do one at a time and test thoroughly.


MCSE CCNA CCDA
 
Thanks for your input. Could I deny everything and then permit certain traffic back in?
 
Yes, but you'll need to use precedence numbers to make sure the rules are in the correct sequence.

For example:
Code:
create access-list denyall ip dest 10.0.101.0/24 source 0.0.0.0/0 deny ports any precedence 10

create access-list permitweb ip dest 10.0.101.0/24 ip-port 80 source 0.0.0.0/0 permit ports any precedence 5
The above ACL denies everything except
MCSE CCNA CCDA
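The precedence ordering in the last answer, modelled as an added example (this is not code from the thread or from Extreme Networks): a small evaluator that parses entries written in the thread's access-list syntax, checks them lowest precedence number first, and reports which entry decides a given flow. The rule names, the assumed "lower precedence number wins" order, and the assumed implicit permit for unmatched traffic are all assumptions for the sake of the example.

```python
"""Model of access-list entries with precedence numbers (added example)."""
import ipaddress
import re

# Constructed rule text in the syntax used in the thread; names are assumptions.
# Note the source mask: 0.0.0.0/0 covers every source, whereas 0.0.0.0/24 would
# only cover 0.0.0.0-0.0.0.255, which is an easy mistake to make.
RULES = """
create access-list denyall ip dest 10.0.101.0/24 source 0.0.0.0/0 deny ports any precedence 10
create access-list permitweb ip dest 10.0.101.0/24 ip-port 80 source 0.0.0.0/0 permit ports any precedence 5
"""

RULE_RE = re.compile(
    r"create access-list (?P<name>\S+) ip dest (?P<dst>\S+)"
    r"(?: ip-port (?P<port>\d+))? source (?P<src>\S+)"
    r" (?P<action>permit|deny) ports any precedence (?P<prec>\d+)"
)


def parse_rules(text):
    """Parse rule lines and return them sorted so the lowest precedence is first."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed rule: {line}")
        rules.append({
            "name": m["name"],
            "dst": ipaddress.ip_network(m["dst"], strict=False),
            "src": ipaddress.ip_network(m["src"], strict=False),
            "port": int(m["port"]) if m["port"] else None,
            "action": m["action"],
            "prec": int(m["prec"]),
        })
    return sorted(rules, key=lambda r: r["prec"])


def evaluate(rules, src, dst, dport):
    """Return (action, rule name) for the first matching entry.

    Assumption: traffic that matches no entry is forwarded (implicit permit).
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r["src"] and d in r["dst"] and (r["port"] is None or r["port"] == dport):
            return r["action"], r["name"]
    return "permit", "<no match>"
```

Running `evaluate(parse_rules(RULES), "10.0.5.7", "10.0.101.20", 80)` shows the lower-numbered permit winning before the broader deny, while the same source on another port is stopped by the deny entry.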
 