09-10-2008 06:30 AM - edited 03-06-2019 01:17 AM
I have 2 switches, they are connected via an access port (not trunk). I need to block ANY type of traffic between these 2 switches except a couple of hosts that I could define in an ACL.
say for example the access I wanted to permit across switches is :
192.168.0.1 -> 192.168.100.1
What type of access list configuration (and type) would I need to use to ensure ALL other traffic types were blocked (INCLUDING NON-IP TRAFFIC)?
Would this be a MAC and/or IP based ACL ?
Presumably on either end of the link as the port based ACL will only filter inbound ?
Would a VLAN map be more extensive ? As this is only a temporary situation, I could (I assume) put a switch in between these 2, with a VLAN map applying only on this switch in the middle (to save complications on the "live" switches).
Any pointers would be appreciated.
09-10-2008 07:44 AM
you could put those hosts in each switch in the same vlan
let's say vlan 10 in switch 1 and 2
make these ports trunk ports, use the allowed vlans command to allow only vlan 10 to pass, and make sure only those hosts are in vlan 10
and if you want another level of security you can make a VLAN ACL (VACL) that forwards traffic between those hosts only within vlan 10
good luck
if helpful Rate
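The VACL idea from the reply above, written out as a worked example. This is added here and is not configuration posted by either participant. It assumes Catalyst IOS VLAN access-map syntax (as on the 3560/3750/6500 families), that the link between the two switches carries VLAN 10, and that the only traffic to be forwarded is 192.168.0.1 <-> 192.168.100.1 from the original question; the ACL and map names are made up for the example.

```cisco
! Added example, not from the thread. Assumes Catalyst IOS VLAN access-map
! syntax and that the inter-switch link carries VLAN 10.
! Goal: forward only 192.168.0.1 <-> 192.168.100.1 and drop everything
! else on that VLAN, including non-IP frames.

! Inside a VLAN map, "permit" in an ACL means "this clause matches";
! whether the frame is forwarded or dropped comes from the map action.
ip access-list extended PERMITTED-HOSTS
 permit ip host 192.168.0.1 host 192.168.100.1
 permit ip host 192.168.100.1 host 192.168.0.1

! Catch-all for every other IP packet
ip access-list extended ANY-IP
 permit ip any any

! Catch-all for non-IP frames. In a VLAN map a MAC ACL is applied only to
! non-IP traffic, so this is the clause that covers what an IP ACL never sees.
mac access-list extended ANY-MAC
 permit any any

! Clauses are evaluated in sequence-number order; the first match wins.
vlan access-map INTER-SWITCH-FILTER 10
 match ip address PERMITTED-HOSTS
 action forward
vlan access-map INTER-SWITCH-FILTER 20
 match ip address ANY-IP
 action drop
vlan access-map INTER-SWITCH-FILTER 30
 match mac address ANY-MAC
 action drop

! Bind the map to the VLAN carried by the link between the switches
vlan filter INTER-SWITCH-FILTER vlan-list 10
```

Check the result with `show vlan access-map` and `show vlan filter`. Two points worth keeping in mind: a VLAN map filters every frame in the VLAN, not just frames crossing the inter-switch link, so it belongs on a switch where VLAN 10 carries nothing else (the intermediate switch proposed in the question fits that well); and because clause 30 drops all non-IP frames, anything that legitimately needs to cross the link below IP (ARP between the routers on either side, for example) would need its own forward clause with a MAC ACL matching that ethertype ahead of clause 30, and the exact MAC ACL syntax for that varies by platform.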
09-10-2008 08:03 AM
I can't convert the link between the switches into a trunk. I only have access to the config of 1 switch, also the hosts are not directly on the other switch - they are accessible through it.
I am dealing with a provider cloud.
As I need to apply this temporarily, I was prepared to put a switch in between the current 2 switches, in order to have control of the interfaces at either end of link.
Sorry, I didn't explain this before, but I don't think I can create the required effect by VLAN configuration.