SVI (Switch Virtual Interfaces)
We use the SVI for inter vlan routing. In this scenario I will configure the access list with SVI.
In this scenario I want to permit vlan 10 network to vlan 50 Server farm. Vlan 10 and vlan 20 can communicate each other.
First create vlan and then interface vlan#.
Switch(config)#vlan 10
Switch(config)#interface vlan 10
Switch(config-if)#ip address 192.168.10.254 255.255.255.0
Switch(config)#vlan 20
Switch(config)#interface vlan 20
Switch(config-if)#ip address 192.168.20.254 255.255.255.0
Switch(config)#vlan 50
Switch(config)#interface vlan 50
Switch(config-if)#ip address 192.168.50.254 255.255.255.0
when we finish the vlan interface create make sure the switch port are belong to each vlan.
Port to vlan assign configure is
Switch(config)#interface g0/1
Switch(config-if)#switchport access vlan 10
Switch(config)#interface g0/2
Switch(config-if)#switchport access vlan 20
Switch(config)#interface g0/3
Switch(config-if)#switchport access vlan 50
If you don't assign switch port to vlan your SVI will show as:
config)#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan10 192.168.10.254 YES manual up down
so make sure you have assign you switchport to vlan. And then now we have route the vlan each other.
I want to define vlan 50 only allow to communicate vlan 10. So let move with access list.
Define the access list
Switch(config)#access-list 1 permit 192.168.10.0 0.0.0.255
Switch(config)#access-list 1 deny any
Apply the access rule to SVI. By the way we need to know how SVI traffic flows work. Actually it same as the physical interface.
So let configure the access list to SVI.
Switch(config)#int vlan 50
Switch(config-if)#ip access-group 1 out
we can verify with #sh access-list
Now we can test connection from vlan 10 and 20 to vlan 50.
Thank you.
Thank you for your shared Sir.
ReplyDelete