    Selective inter-VLAN routing - is it possible?

    Tom Kivlin


      I have the following scenario:



      Firewall - L3Switch - 2 x L2Switch



      This is for a network used for building machines. There will be four VLANs configured on the switches, with the L3 switch being the default gateway for all VLANs (using L3 VLAN interfaces). What I'd like to have happen is for the VLANs to only use the default route (which will be to the internet via the firewall) and not be able to route between themselves. Sounds easy - use access lists or PBR, I hear you say. However, the default gateway addresses will be changing regularly as the machines are built with their final IP addresses, so I would need to filter by VLAN rather than by IP range. Or is there any way of setting a port to not allow traffic through that has a destination back on the same port? Even easier would be a way of deleting directly connected routes from the routing table - is that possible?



      Any help appreciated.
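Added example (not from the original post): one way to keep the access-list approach workable when the VLAN subnets keep changing is to generate the per-VLAN ACLs from the current subnet list and re-apply them after each change, rather than hand-editing them. The script below assumes Cisco IOS extended ACL and SVI syntax and a constructed, hypothetical set of four build-VLAN subnets; it emits an inbound ACL for each SVI that denies any destination inside another build VLAN and permits everything else, so only the default route toward the firewall is usable across VLANs. It also includes a small first-match evaluator so the generated policy can be checked offline before it is pasted into a switch.

```python
"""Generate per-VLAN inbound ACLs that block inter-VLAN routing on a Cisco IOS
L3 switch while leaving the default route (to the firewall) usable.

Added example, not code from the original post. It assumes Cisco IOS extended
ACL / SVI syntax and a hypothetical list of the VLAN subnets as they stand
today; re-run it whenever the subnets change and re-apply the output.
"""
from __future__ import annotations

import ipaddress

# Constructed sample input (hypothetical): VLAN id -> current subnet of that VLAN.
VLAN_SUBNETS = {
    10: "10.1.10.0/24",
    20: "10.1.20.0/24",
    30: "192.168.30.0/24",
    40: "172.16.40.0/23",
}


def wildcard(net: ipaddress.IPv4Network) -> str:
    """IOS ACLs take wildcard masks, i.e. the inverse of the netmask."""
    return str(net.hostmask)


def build_acl(vlan: int, subnets: dict[int, str]) -> list[str]:
    """Return the IOS lines for the inbound ACL on SVI `vlan`.

    Every other build VLAN's subnet is denied as a destination, then anything
    else is permitted, so hosts can only leave via the default route.
    Intra-VLAN traffic is L2-switched and never reaches the SVI ACL.
    Denying the whole remote subnet also covers that VLAN's SVI address, so
    hosts cannot reach another VLAN's gateway either.
    """
    name = f"NO-INTERVLAN-V{vlan}"
    lines = [f"ip access-list extended {name}"]
    for other, cidr in sorted(subnets.items()):
        if other == vlan:
            continue
        net = ipaddress.ip_network(cidr, strict=True)
        lines.append(f" deny ip any {net.network_address} {wildcard(net)}")
    lines.append(" permit ip any any")
    return lines


def build_config(subnets: dict[int, str]) -> list[str]:
    """ACLs for every VLAN plus the SVI statements that apply them inbound."""
    out: list[str] = []
    for vlan in sorted(subnets):
        out += build_acl(vlan, subnets)
    for vlan in sorted(subnets):
        out += [f"interface Vlan{vlan}", f" ip access-group NO-INTERVLAN-V{vlan} in"]
    return out


def acl_permits(acl: list[str], dst: str) -> bool:
    """Minimal first-match evaluator for the lines build_acl() emits.

    Only the 'deny/permit ip any <net> <wildcard>' and 'permit ip any any'
    shapes produced above are understood; a real IOS ACL ends with an
    implicit deny, which is reproduced here.
    """
    dst_ip = ipaddress.ip_address(dst)
    for line in acl[1:]:  # skip the 'ip access-list extended ...' header
        parts = line.split()
        action, target = parts[0], parts[3]
        if target == "any":
            return action == "permit"
        wild = int(ipaddress.ip_address(parts[4]))
        netmask = ipaddress.ip_address((~wild) & 0xFFFFFFFF)
        net = ipaddress.ip_network((target, str(netmask)))
        if dst_ip in net:
            return action == "permit"
    return False  # implicit deny at the end of every IOS ACL


if __name__ == "__main__":
    print("\n".join(build_config(VLAN_SUBNETS)))
    acl10 = build_acl(10, VLAN_SUBNETS)
    for dst in ("10.1.20.5", "10.1.20.1", "8.8.8.8"):
        print(f"VLAN 10 -> {dst}: {'permit' if acl_permits(acl10, dst) else 'deny'}")
```

The generated ACL is applied inbound on each SVI, which on IOS also filters packets addressed to the switch itself, so cross-VLAN pings to another VLAN's gateway are dropped along with transit traffic. This still ties the filter to addresses, so the script has to be re-run each time a subnet changes; an address-independent alternative on platforms that support it is VRF-lite, with one VRF per VLAN and only a default route in each VRF, which removes the other VLANs' connected routes from the lookup entirely.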