Question : Cisco Vlan concepts on 4507

Hi all of you Cisco wizards out there! ok...I'm having a bit of dificulty translating my book reading to real world application....I think I'm strugging w/ layer three switch vlan stuff. I've inherited a 4507 and I'm a little unclear as to how the networks are talking and how to limit visiblity of 2 test vlans
Environemnt:
So if in my 4507 I have 10 vlans; vlan1 for managment then vlan2 for servers, vlan's 3&4 for test and vlan's 5,6&7 for workstations on the three floors of the building and then vlan's 8,9 and 10 are three remote sites.
vlan 2 192.168.2.2
vlan 3 192.168.3.2
vlan 4 192.168.4.2
vlan 5 192.168.5.2
vlan 6.............6.2 etc.

Q's
-By default do all of these vlans see eachother? can a workstation is vlan 5 see the test vlan 3?
- the workstations in vlan 5 and the remote sites can see vlan2 w/o any routing? The 4507 does it automatically?

If I want to stop all workstations in vlan 5 from seeing vlan 3 and 4 then do I put on an inbound acl on the vlan?
If say three hosts on vlan5 are to be allowed to see vlan 3 & 4 and all others exclued add permits for host thne deny any any at end of acl?

access-list 102 permit ip 192.168.5.10 0.0.0.255 192.168.3.2 0.0.0.255
access-list 102 permit ip 192.168.5.11 0.0.0.255 192.168.3.2 0.0.0.255
access-list 102 permit ip 192.168.5.12 0.0.0.255 192.168.3.2 0.0.0.255
access-list 102 deny ip any any

access-list 103 permit ip 192.168.5.10 0.0.0.255 192.168.4.2 0.0.0.255
access-list 103 permit ip 192.168.5.11 0.0.0.255 192.168.4.2 0.0.0.255
access-list 103 permit ip 192.168.5.12 0.0.0.255 192.168.4.2 0.0.0.255
access-list 103 deny ip any any

int vlan 3
access-group 102 in

int vlan 4
access-group 103 in

**Do i need the word ip in the acl statments?
So I want to understand if the vlans all see eachother by default and in in bound acls will limit visibility

Thanks for you help!!

Answer : Cisco Vlan concepts on 4507

yes, that would work too.. and you could apply the same list to both of them also :D

My ACL would effectively do the same thing, yours might be a little more efficient :D

-Rob

Random Solutions

VPN Connected but Losing Internet connection in the Office.

Deny MAC addresses receiving IP's from DHCP

Adding 3rd NIC to novel 3.12 - Slot= parameter?

1-800 number 101

All in one printing and Terminal Services

Reconfiguring a New Router for eMule --- Where do I begin?

Port 3268 on Windows 2000 PDC not listening

Local machine can't connect to Yahoo Games

How can we remotely add (Allow logon to terminal services rights)

What program uses my network and harddrive?