I have a 1550-P24 that I'm setting up with 4 VLAN's I need to isolate one of the Vlan's for a Guest network. I would like to isolate this guest network from all other Vlans. I have tried hardware ACL's and Software ACL's both do not work, and i did test this with an actual machine not just by doing a source ping which i read somewhere is how this should be tested. I am using 3140 as my router and i do have L3 switching enabled on the 1550.
The best way to isolate a VLAN on a switch is to be sure there is not any Layer 3 interface on that VLAN.
If the switch has an IP address on that VLAN, and the switch is doing IP routing, it will route and therefore will not isolate.
Jroad, thank you for answering this question. I may have to make some changes then. I am using a 3140 as my router and 1550-p for my core switch. I have 4 other switches within the network that I need to serve with Vlans. I tried removing L3 routing and use default gateway on the 1550 but I think I lost internet access on everything but the default vlan. Any suggestions let me know maybe I’m over thinking this, I’m trunking to the other switches which only have L2 capability.
Salvatore Cusumano
Sorry for the long delay! It has been very busy.
You will want to leave L3 routing on the switch to allow inter-vlan routing at line speeds in the network but for the guest VLAN, you do not want an IP interface on any switch so the 3140 will be the Gateway address for the wireless users. This way, the 3140 can control where a wireless user can go and the switch will only switch that VLAN all the way back to the 3140.