Question : Cisco Vlan concepts on 4507

Hi all of you Cisco wizards out there! ok...I'm having a bit of difficulty translating my book reading to real world application....I think I'm struggling w/ layer three switch vlan stuff. I've inherited a 4507 and I'm a little unclear as to how the networks are talking and how to limit visibility of 2 test vlans
Environment:
So if in my 4507 I have 10 vlans; vlan1 for management then vlan2 for servers, vlans 3&4 for test and vlans 5,6&7 for workstations on the three floors of the building and then vlans 8,9 and 10 are three remote sites.
vlan 2 192.168.2.2
vlan 3 192.168.3.2
vlan 4 192.168.4.2
vlan 5 192.168.5.2
vlan 6.............6.2 etc.

Q's
- By default do all of these vlans see each other? Can a workstation in vlan 5 see the test vlan 3?
- The workstations in vlan 5 and the remote sites can see vlan2 w/o any routing? The 4507 does it automatically?

If I want to stop all workstations in vlan 5 from seeing vlan 3 and 4 then do I put an inbound acl on the vlan?
If say three hosts on vlan5 are to be allowed to see vlan 3 & 4 and all others excluded, add permits for the hosts then deny any any at end of acl?
 
access-list 102 permit ip 192.168.5.10 0.0.0.255 192.168.3.2 0.0.0.255
access-list 102 permit ip 192.168.5.11 0.0.0.255 192.168.3.2 0.0.0.255
access-list 102 permit ip 192.168.5.12 0.0.0.255 192.168.3.2 0.0.0.255
access-list 102 deny ip any any

access-list 103 permit ip 192.168.5.10 0.0.0.255 192.168.4.2 0.0.0.255
access-list 103 permit ip 192.168.5.11 0.0.0.255 192.168.4.2 0.0.0.255
access-list 103 permit ip 192.168.5.12 0.0.0.255 192.168.4.2 0.0.0.255
access-list 103 deny ip any any

int vlan 3
access-group 102 in

int vlan 4
access-group 103 in

**Do I need the word ip in the acl statements?
So I want to understand if the vlans all see each other by default and if inbound acls will limit visibility

Thanks for your help!!


Answer : Cisco Vlan concepts on 4507

yes, that would work too.. and you could apply the same list to both of them also :D

My ACL would effectively do the same thing, yours might be a little more efficient :D


-Rob
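
An added example (not part of the original thread): a small Python model of Cisco wildcard-mask matching and first-match evaluation, run against access-list 102 as posted in the question and against a variant with wildcard 0.0.0.0, which is what the IOS `host` keyword expands to. It shows that `192.168.5.10 0.0.0.255` matches every address in 192.168.5.0/24, and that a packet sourced from VLAN 3, which is what an ACL applied `in` on `int vlan 3` evaluates, matches none of the permits. The packet addresses and the host-only variant are constructed here as assumptions about the intent.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    # Cisco wildcard mask: a 1 bit means "ignore this bit", a 0 bit must match.
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def evaluate(acl, src, dst):
    # Entries are checked top down and the first match decides.
    for action, s_base, s_wild, d_base, d_wild in acl:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action
    return "deny"  # implicit deny at the end of every ACL

ANY = ("0.0.0.0", "255.255.255.255")

# access-list 102 exactly as posted in the question.
ACL_102_POSTED = [
    ("permit", "192.168.5.10", "0.0.0.255", "192.168.3.2", "0.0.0.255"),
    ("permit", "192.168.5.11", "0.0.0.255", "192.168.3.2", "0.0.0.255"),
    ("permit", "192.168.5.12", "0.0.0.255", "192.168.3.2", "0.0.0.255"),
    ("deny", *ANY, *ANY),
]

# Assumed intent: only three VLAN 5 hosts may reach the VLAN 3 subnet.
ACL_102_HOSTS = [
    ("permit", host, "0.0.0.0", "192.168.3.0", "0.0.0.255")
    for host in ("192.168.5.10", "192.168.5.11", "192.168.5.12")
] + [("deny", *ANY, *ANY)]

# Constructed packets (source, destination); not taken from the thread.
PACKETS = {
    "allowed_host": ("192.168.5.10", "192.168.3.20"),
    "other_host": ("192.168.5.99", "192.168.3.20"),
    # Source is in VLAN 3: the traffic an "in" ACL on int vlan 3 evaluates.
    "vlan3_reply": ("192.168.3.20", "192.168.5.10"),
}

def verdicts(acl):
    return {name: evaluate(acl, src, dst) for name, (src, dst) in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("posted", ACL_102_POSTED), ("host entries", ACL_102_HOSTS)):
        print(label, verdicts(acl))
```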