[SOLVED] Different networks with different accessibility

Feb 15, 2021
So I want to set up multiple VLANs: 1 for admins, 1 for guests, 1 for regular users. The regular users should only be able to access hosts on that specific VLAN, same for guests, but for admins I would like to be able to access everything on the network. But I cannot figure out how to set this up. How can I make a VLAN access another VLAN but not the other way around?
Thank you
 
Solution
You need an actual firewall to do this.
It all depends on what you mean by "access". The traffic can never actually be one-way, since somehow the data from what you are accessing must get back to the machine that did the access.

This is kind of tricky to do because some applications do not work.

In any case, the way this is done is that a rule is put in place to only allow packets with the SYN bit set to flow in one direction. This is the very first packet in a session. So the admin VLAN would be allowed to send SYN packets to the other VLANs, but packets with only the SYN bit set would not be allowed the other way. All other packets would be allowed, but since you can't open a session without the first one, it prevents "access?". UDP and ping will be allowed unless you block them specially.
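The SYN-only rule from the answer above, modeled in Python as an added example that is not part of the original thread. The subnets, VLAN names, the `forward` function and its `extra_block` parameter are assumptions made up for illustration; a real firewall would express the same logic in its own rule syntax.

```python
import ipaddress

# Constructed addressing (not from the thread): one subnet per VLAN.
VLANS = {
    "admin": ipaddress.ip_network("10.0.10.0/24"),
    "users": ipaddress.ip_network("10.0.20.0/24"),
    "guest": ipaddress.ip_network("10.0.30.0/24"),
}

def vlan_of(ip):
    """Return the VLAN name an address belongs to, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in VLANS.items() if addr in net), None)

def forward(pkt, extra_block=()):
    """Stateless decision for one routed packet: 'accept' or 'drop'.

    pkt has src, dst, proto ('tcp', 'udp', 'icmp') and, for TCP, a set of flags.
    extra_block lists protocols to drop when the sender is not on the admin VLAN.
    """
    src, dst = vlan_of(pkt["src"]), vlan_of(pkt["dst"])
    if src is None or dst is None:
        return "drop"    # assumption: unknown networks are denied
    if src == dst:
        return "accept"  # same VLAN: switched locally, not filtered here
    if pkt["proto"] == "tcp":
        # "SYN bit only": SYN set without ACK is the first packet of a session.
        opening = "SYN" in pkt.get("flags", ()) and "ACK" not in pkt.get("flags", ())
        return "drop" if opening and src != "admin" else "accept"
    # UDP and ICMP carry no SYN bit, so they pass unless blocked explicitly.
    # A stateless block here also drops replies to traffic the admin sent.
    return "drop" if pkt["proto"] in extra_block and src != "admin" else "accept"

def demo():
    """Run constructed sample packets through the filter."""
    A, U, G = "10.0.10.5", "10.0.20.7", "10.0.30.9"
    packets = {
        "admin opens session":  dict(src=A, dst=U, proto="tcp", flags={"SYN"}),
        "user SYN+ACK reply":   dict(src=U, dst=A, proto="tcp", flags={"SYN", "ACK"}),
        "user opens to admin":  dict(src=U, dst=A, proto="tcp", flags={"SYN"}),
        "guest opens to user":  dict(src=G, dst=U, proto="tcp", flags={"SYN"}),
        "user UDP to admin":    dict(src=U, dst=A, proto="udp"),
        "guest ping to admin":  dict(src=G, dst=A, proto="icmp"),
    }
    return {name: forward(p) for name, p in packets.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```
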