Command for Bogus VLAN

rwamstutz
Level 1

All, what is the command to set a port in a VLAN that will take the end user nowhere? I am wanting to tighten down security on unused ports. Is there a command that will take the end user only out to the internet?

3 Replies

Jon Marshall
Hall of Fame

Hi

If you want to stop a user on the port from communicating with any other VLAN and only allow internet traffic, you could use an access list on the VLAN interface.

If you want to stop a user on the port from talking to any other VLAN and any machine within the VLAN, you could look at VACLs, which allow you to filter traffic within a VLAN.

What we do here is to shut down all unused ports and allocate them into a VLAN that is non-routable. So even if the port is accidentally brought up, the user can't get anywhere.

HTH

Jon

Jon, what is the command line you use to allocate them into a VLAN that is non-routable?

You can assign the ports to a VLAN using the commands below:

! Create the VLAN in the legacy VLAN database mode (older Catalyst switches); on newer IOS use "vlan x" directly in global configuration
Switch# vlan database
Switch(vlan)# vlan x
Switch(vlan)# exit

! Put the unused ports into that VLAN as static access ports
Switch# configure terminal
Switch(config)# interface range fastethernet 0/1 - 10
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan x    ! a bogus VLAN on your switch
Switch(config-if-range)# end

Make sure that you don't create an L3 interface for this VLAN on your router or L3 switch. This will make sure that your ports are in a separate VLAN which is not routable to the internet.

HTH,

-amit singh
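Putting the two replies together, here is a complete Cisco IOS configuration for the "black-hole VLAN" approach (shut the port, park it in a non-routable VLAN, and optionally add Jon's VACL so nothing can talk even inside that VLAN). This is an added example and not code posted in the thread; the VLAN number 999, the name BLACKHOLE, the port range FastEthernet0/13 - 24 and the access-list and access-map names are assumptions, and the exact commands vary slightly by Catalyst platform and IOS version (VACLs in particular are not supported on every model).

```ios
! Added example, not from the thread. VLAN 999, the name BLACKHOLE, the port
! range Fa0/13 - 24 and the ACL/access-map names are assumptions.
!
! 1. Create the black-hole VLAN in global configuration mode. This replaces the
!    legacy "vlan database" mode on current IOS; no SVI is created for it.
vlan 999
 name BLACKHOLE
 exit
!
! 2. Park every unused port in that VLAN as a static access port and shut it down.
!    "shutdown" is the real control; the VLAN is the safety net for a port that is
!    brought up by mistake. "switchport nonegotiate" disables DTP so the port cannot
!    be negotiated into a trunk, CDP is silenced so the port advertises nothing, and
!    BPDU guard err-disables the port if someone plugs a switch into it.
interface range FastEthernet0/13 - 24
 description UNUSED - black-hole VLAN, leave shut
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 shutdown
 exit
!
! 3. Make sure the VLAN never gets a Layer-3 interface, on this switch or on the
!    router/L3 switch upstream. Without an SVI or router sub-interface there is no
!    gateway, so a host in VLAN 999 has nowhere to route to.
no interface Vlan999
!
! 4. Optional belt-and-braces (Jon's VACL suggestion): drop all IP traffic inside
!    VLAN 999 so hosts that end up there cannot even reach each other. The IP ACL
!    is only a match condition; the access-map action is what drops the traffic.
!    Non-IP frames (for example ARP) need a matching "mac access-list" clause to be
!    covered as well.
ip access-list extended BLACKHOLE-ALL-IP
 permit ip any any
 exit
vlan access-map BLACKHOLE-DROP 10
 match ip address BLACKHOLE-ALL-IP
 action drop
 exit
vlan filter BLACKHOLE-DROP vlan-list 999
end
!
! Verification (exec mode):
!   show vlan brief | include 999                -> ports listed under BLACKHOLE
!   show interfaces status | include disabled    -> the parked ports are admin-down
!   show ip interface brief | include Vlan999    -> must return nothing
!   show vlan access-map                         -> BLACKHOLE-DROP applied to 999
```

Keep the native VLAN of any trunk away from VLAN 999 as well: if 999 were the untagged VLAN on a trunk, a port brought up in it would reach whatever is on the other end of that trunk untagged, which defeats the point of the black hole.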
