How to prevent leakage of data between VLANs

arumugasamy
Level 1

Dear All,

Please, can anyone help me:

How to prevent leakage of data between VLANs?

swami

10 Replies

Frank Henderson
Level 1

????

VLANs can't communicate with other VLANs unless they are routed through a router.

Amit Singh
Cisco Employee

What is the setup that we are talking about here? What are the switches being used? How about using private VLANs?

http://www.ciscosystems.cd/univercd/cc/td/doc/product/lan/cat3560/12244se/scg/swpvlan.pdf

-amit singh

Mr. Swami,

You can take help of VACLs or VLAN access maps in order to prevent one VLAN's communication with another VLAN. You have to decide very carefully to what extent you need isolation between/among VLANs. You have to design the access lists as per your requirements. Apply all VACL/access-map related commands in your layer 3 device which actually is responsible for inter-VLAN routing. Have a look at it:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/122sx/swcg/vacl.htm

--gaurav
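The two suggestions in this thread, private VLANs (Amit's link) and VLAN access maps (Gaurav's link), written out in Catalyst IOS syntax. This is an added example, not either poster's configuration and not Cisco's own sample: VLAN numbers, subnets, port names and the map/ACL names are constructed for illustration. The private VLAN keeps hosts inside one subnet from talking to each other at layer 2; the VLAN access map drops a chosen flow inside a VLAN before any routing happens.

```ios
! ---- Private VLAN (Amit's suggestion) ----
! Constructed numbering: primary 200, isolated 201, community 202.
! Catalyst 3560 needs VTP transparent mode before private VLANs can be defined.
vtp mode transparent
!
vlan 201
 private-vlan isolated
vlan 202
 private-vlan community
vlan 200
 private-vlan primary
 private-vlan association 201,202
!
! Isolated hosts reach only the promiscuous port (gateway/firewall), never each other.
! Community hosts reach each other and the promiscuous port.
interface GigabitEthernet0/1
 description isolated host (constructed)
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
!
interface GigabitEthernet0/2
 description community host (constructed)
 switchport mode private-vlan host
 switchport private-vlan host-association 200 202
!
interface GigabitEthernet0/24
 description uplink to gateway / firewall (constructed)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201,202
!
! If this switch routes for the primary VLAN, map the secondaries onto its SVI
interface Vlan200
 ip address 10.200.0.1 255.255.255.0
 private-vlan mapping 201,202
!
! ---- VLAN access map (Gaurav's suggestion): drop VLAN 10 -> VLAN 20 traffic ----
! Constructed subnets: VLAN 10 = 10.10.10.0/24, VLAN 20 = 10.10.20.0/24.
ip access-list extended VLAN10-TO-VLAN20
 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
!
vlan access-map ISOLATE-VLAN10 10
 match ip address VLAN10-TO-VLAN20
 action drop
! A clause with no match statement matches everything; without it the
! map's implicit deny would drop all other traffic in the VLAN.
vlan access-map ISOLATE-VLAN10 20
 action forward
!
! The map is applied to the VLAN, so it filters frames as they enter VLAN 10,
! before inter-VLAN routing takes place.
vlan filter ISOLATE-VLAN10 vlan-list 10
!
! Verify: show vlan access-map ISOLATE-VLAN10
!         show vlan filter
```

The VLAN access map filters bridged and routed traffic alike. If the only requirement is to control routed traffic between VLANs, a normal extended ACL applied with `ip access-group ... in` on each SVI of the layer 3 switch is simpler to read and audit, and the private VLAN is the right tool when hosts inside one VLAN must not see each other.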

Dear Gaurav,

I received the audit report about my branch network from our HO. They said that the spanning tree is not configured correctly.

Could you tell me the best practice to optimize the STP for the banking environment?

2 core switches 4507R with 3750 as edge switches. Internet access through PIX and a 3800 series router is provided. Total 6 floors with each floor in a separate VLAN.

Thanks

swami

Hello Swami,

Kindly let me know the topology of your switches, how they are connected. Moreover, make sure of the following configs in your LAN:

1. Make one of the core switches the ROOT bridge and the other one the secondary root bridge for a particular VLAN (for all VLANs separately).

2. Configure the root guard option on all access/edge switches (3750 here).

3. All PC/Laptop/Server connected ports can be configured as portfast and bpduguard.

4. On all distribution layer switches configure uplinkfast.

5. Configure backbonefast on all core and distribution switches.

Kindly share your topology with us so that we may understand your needs.

--gaurav
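Gaurav's five items written out as Catalyst IOS configuration for the two 4507R cores and a floor 3750. This is an added example, not Gaurav's own config and not Cisco's sample: it assumes the cores are called CORE-A and CORE-B, one VLAN per floor numbered 10 to 60, core downlinks on Gi3/1-6 and 3750 uplinks on Gi1/0/49-50, all constructed. One placement detail worth noting: root guard must sit on the core ports that face the 3750s, the ports that must never become root ports; placed on a 3750 uplink it would block the path to the legitimate root.

```ios
! ===== CORE-A (4507R): primary root for odd floors, secondary for even floors =====
spanning-tree mode pvst
! Step 5: backbonefast on cores/distribution (PVST+ only; RSTP has it built in)
spanning-tree backbonefast
! Step 1: one root per VLAN. Splitting primary/secondary across the cores keeps both in use.
spanning-tree vlan 10,30,50 root primary
spanning-tree vlan 20,40,60 root secondary
! Step 2: root guard on the ports facing the 3750s, so no edge switch can become root
interface range GigabitEthernet3/1 - 6
 description downlinks to floor 3750s (constructed)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree guard root
!
! ===== CORE-B (4507R): the mirror image =====
spanning-tree mode pvst
spanning-tree backbonefast
spanning-tree vlan 20,40,60 root primary
spanning-tree vlan 10,30,50 root secondary
interface range GigabitEthernet3/1 - 6
 description downlinks to floor 3750s (constructed)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree guard root
!
! ===== Floor 1 3750 (edge), VLAN 10 =====
spanning-tree mode pvst
! Step 4: uplinkfast on the switch holding the redundant uplinks (PVST+ only)
spanning-tree uplinkfast
spanning-tree backbonefast
! Step 3: portfast ports go straight to forwarding and are err-disabled on the first BPDU
spanning-tree portfast bpduguard default
interface range GigabitEthernet1/0/1 - 48
 description user ports, floor 1 (constructed)
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface range GigabitEthernet1/0/49 - 50
 description dual-fiber uplinks to CORE-A / CORE-B (constructed)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10
!
! Verify on each switch:
!   show spanning-tree vlan 10          (Root ID must be CORE-A's bridge ID)
!   show spanning-tree inconsistentports (root guard / bpduguard hits)
!   show spanning-tree summary
```

If every switch runs `spanning-tree mode rapid-pvst` instead, the `uplinkfast` and `backbonefast` lines are unnecessary, since RSTP converges through its own proposal/agreement handshake, and the rest of the configuration (root placement, root guard, portfast, bpduguard) stays exactly the same.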

I agree with Gaurav. But it might be simpler, instead of uplinkfast, etc., to implement Rapid Spanning-Tree on all the switches.

Gaurav, William,

The topology of the network is not publishable since this belongs to Intl. Bank.

Let me explain the topology as below

2 core 4507R with dual fiber to each cabinet IDF. A separate VLAN on the core switch is connected to the PIX firewall and the firewall is connected to the edge Inet router for the leased line and branch office connectivity.

We need to optimize the internal LAN only.

I accept Gaurav's suggestions to implement the STP. Also I would like to implement MST as per the RFP of the BANK.

Please give me last advice on this issue before giving customer the proposal.

Thanks

swami

Dear Swami,

STP (MST/RSTP/PVST/PVST+ etc.) is more concerned with the LAN, so kindly let us know how the core switches and other LAN switches (edge/access switches) are connected. My impression is that you have 2 core switches and some 3750 switches all connected in a mesh scenario.

Yes, as Bill said, RSTP would give exactly the same services with less headache.

MST is nothing but the mapping of more than one PVST/PVST+ instance onto one MST instance.

Have a look at it:

http://www.cisco.com/warp/public/473/147.html

--gaurav

Gaurav,

You are correct. We have 2 core switches and all the edge switches are connected to both the core switches with dot1q trunks. HSRP is not yet configured. I need to configure the STP optimization like you advised, and MHSRP etc.

Please, can you advise me on the procedures to follow.

Swami

Hi Swami,

I would prefer you to study STP first and then implement it, else it could create a huge hiccup in the network and you will never be able to figure out what happened and where.

BTW you can take help of this link in configuring STP in an effective manner:

http://www.systemsupportsolutions.com/WhitePapers/RapidSpanningTreeConfiguration.pdf

Kindly rate all the posts which you think have helped you.

--gaurav
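Swami's last question asks about HSRP/MHSRP on the two cores. As an added example (not Gaurav's advice and not Cisco's sample config), this shows the pairing that is usually wanted with the STP design above: the core that is the STP root for a VLAN is also the HSRP active gateway for that VLAN, so user traffic does not cross the inter-core trunk on its way to the gateway. Two floors are shown; the other floors follow the same pattern. Addresses, group numbers, the tracked interface and the authentication key are constructed.

```ios
! ===== CORE-A: STP root and HSRP active for VLAN 10, standby for VLAN 20 =====
spanning-tree vlan 10 root primary
spanning-tree vlan 20 root secondary
!
interface Vlan10
 description floor 1 (constructed addressing 10.10.10.0/24)
 ip address 10.10.10.2 255.255.255.0
 standby version 2
 standby 10 ip 10.10.10.1
 standby 10 priority 110
 ! delay stops a rebooting core from taking over before its routing has settled
 standby 10 preempt delay minimum 60
 ! MD5 keeps a host on the VLAN from injecting hellos and claiming the active role
 standby 10 authentication md5 key-string REPLACE-WITH-REAL-KEY
 ! drop priority below CORE-B's 90 if the port toward the PIX (constructed) goes down
 standby 10 track GigabitEthernet1/1 30
!
interface Vlan20
 description floor 2 (constructed addressing 10.10.20.0/24)
 ip address 10.10.20.2 255.255.255.0
 standby version 2
 standby 20 ip 10.10.20.1
 standby 20 priority 90
 standby 20 preempt
 standby 20 authentication md5 key-string REPLACE-WITH-REAL-KEY
!
! ===== CORE-B: the mirror image =====
spanning-tree vlan 20 root primary
spanning-tree vlan 10 root secondary
!
interface Vlan10
 ip address 10.10.10.3 255.255.255.0
 standby version 2
 standby 10 ip 10.10.10.1
 standby 10 priority 90
 standby 10 preempt
 standby 10 authentication md5 key-string REPLACE-WITH-REAL-KEY
!
interface Vlan20
 ip address 10.10.20.3 255.255.255.0
 standby version 2
 standby 20 ip 10.10.20.1
 standby 20 priority 110
 standby 20 preempt delay minimum 60
 standby 20 authentication md5 key-string REPLACE-WITH-REAL-KEY
 standby 20 track GigabitEthernet1/1 30
!
! Hosts on floor 1 use 10.10.10.1 as their gateway, floor 2 uses 10.10.20.1.
! Verify: show standby brief        (Active: CORE-A for group 10, CORE-B for group 20)
!         show spanning-tree root   (Root: CORE-A for VLAN 10, CORE-B for VLAN 20)
```

Keep the two halves in step: whenever the STP root for a VLAN is moved to the other core, move the higher HSRP priority with it, otherwise every packet from that floor takes one extra hop across the core-to-core trunk before it reaches its gateway.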
