Cisco 300 Series Switch VLAN Management

invulnarable27

Distinguished
Jan 26, 2011
76
0
18,630
Hello,

So the Cisco switch I own is this one: SG300-52 (SRW2048-K9-NA)

If I have 1 computer: Com1 on VLAN 1
Another: Com2 on VLAN 2
WAN Drop on VLAN 3

I paired VLAN 3 + VLAN 2 using the "Port to VLAN" web GUI. Also VLAN 3 + VLAN 1. Now both VLANs (1 & 2) can access the Internet, but I don't want them to see each other on the LAN network.

Is it possible with just 1 WAN drop to have both VLAN 1 and 2 access the Internet, but block them from LAN visibility? I spent an entire day trying to make it work but couldn't, so I don't think it is feasible.

Thanks
 

sturm

Splendid
Apply an access control list for each VLAN that permits VLAN 1 to VLAN 3 but denies VLAN 1 to VLAN 2. Permit VLAN 2 to VLAN 3 and deny VLAN 2 to VLAN 1.

ip access-list 100 permit (vlan 1 network) (vlan 3 network)
ip access-list 100 deny (vlan 1 network) (vlan 2 network)

ip access-list 101 permit (vlan 2 network) (vlan 3 network)
ip access-list 101 deny (vlan 2 network) (vlan 1 network)

Replace (vlan x network) with the network info; example below:


ip access-list 100 permit 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255
ip access-list 100 deny 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255

ip access-list 101 permit 192.168.11.0 0.0.0.255 192.168.100.0 0.0.0.255
ip access-list 101 deny 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
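
Added example (not part of sturm's post, and not Cisco's own code): a small Python evaluator that runs the four ACL lines above against sample traffic, assuming first-match evaluation with an implicit deny at the end of each list, as Cisco ACLs behave. The host addresses, the 203.0.113.10 stand-in for an Internet destination, and the `VARIANT` rule set are constructed for illustration; it shows which rule decides each packet, including traffic to destinations outside the VLAN 3 subnet.

```python
import ipaddress

# The four ACL lines from the post above, in the poster's own notation.
POSTED = [
    "ip access-list 100 permit 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255",
    "ip access-list 100 deny 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255",
    "ip access-list 101 permit 192.168.11.0 0.0.0.255 192.168.100.0 0.0.0.255",
    "ip access-list 101 deny 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255",
]
# Constructed variant (assumption, not from the thread): ACL 100 with the
# inter-VLAN deny first, followed by a permit to any destination.
VARIANT = [
    "ip access-list 100 deny 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255",
    "ip access-list 100 permit 192.168.10.0 0.0.0.255 0.0.0.0 255.255.255.255",
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, net, wildcard):
    # Cisco wildcard mask: 0 bits must match, 1 bits are ignored.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (net & care)

def evaluate(rules, acl_id, src_ip, dst_ip):
    """First matching rule wins; no match falls through to the implicit deny."""
    src, dst = to_int(src_ip), to_int(dst_ip)
    for line in rules:
        f = line.split()  # ip access-list <id> <action> <src> <wc> <dst> <wc>
        src_net, src_wc, dst_net, dst_wc = (to_int(x) for x in f[4:8])
        if (f[2] == acl_id and wildcard_match(src, src_net, src_wc)
                and wildcard_match(dst, dst_net, dst_wc)):
            return f[3], line
    return "deny", "implicit deny"

if __name__ == "__main__":
    # Constructed traffic from a VLAN 1 host to VLAN 3, VLAN 2 and an Internet address.
    for name, rules in (("posted", POSTED), ("variant", VARIANT)):
        for dst in ("192.168.100.1", "192.168.11.7", "203.0.113.10"):
            action, why = evaluate(rules, "100", "192.168.10.5", dst)
            print(f"{name:8} 192.168.10.5 -> {dst:14} {action:6} ({why})")
```
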
 

invulnarable27

Oh, finally got back to this thread. Man, I wish I had CLI to work with, it would be a snap to configure. Sadly the 300 series switches don't have the feature yet. Read that the CLI will be included in the next release. Gonna have to go do some digging and see how to complete this via the Web GUI.