Blocking SQL traffic within the same VLAN

interedlb
Level 1

Dear All,

I've got a Cisco 4503 Core Switch with two VLANs configured.

All is going OK with access lists management between the two VLANS, but now I have a scenario where I need to block only SQL traffic between two hosts on the same VLAN.

Is this supported?

To make it simple: I have two subnets 192.168.5.0 and 192.168.6.0 on VLANs 5 and 6 respectively.

VLAN 5 is defined on 8 physical ports of the switch and VLAN 6 on 4 physical ports of the switch.

I want to stop only SQL traffic between the two hosts 192.168.6.15 and 192.168.6.20 that are both on VLAN 6.

How can this be done on a Cisco 4503?

Thank you.

Regards,

Raymond


5 Replies

rohitrattan
Level 1

Hello Raymond,

If you want to filter specific protocol traffic between two hosts, you do it on the basis of Layer 4 information. We usually implement ACLs on a VLAN in the "in" or "out" direction, based on where and which way the filtering is to be done. In your case, communication between two PCs on a common VLAN cannot be filtered, as the traffic does not cross the VLAN boundary where it could be filtered. A VLAN is a Layer 2 entity; moreover, the ports are Layer 2 switch ports, so filtering based on Layer 4 information is not possible. You can, though, filter some traffic by configuring the Windows or third-party firewall that resides on the host machines, but if the users have privileges to modify the firewall settings then that may not be a good solution; otherwise you could look at this solution as well.

Regards

Rohit
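One way to implement the host-firewall alternative Rohit mentions, as an added example that is not part of the thread: a Windows Firewall rule, created with the NetSecurity PowerShell cmdlets (Windows 8 / Server 2012 or later), on 192.168.6.20 that refuses SQL connections from 192.168.6.15 only, leaving all other traffic between the two hosts on VLAN 6 untouched. The port is an assumption (Microsoft SQL Server's default TCP 1433; substitute whatever your database actually listens on), and the rule name is made up for the example.

```powershell
# Added example, not from the thread: host-based SQL filtering between two hosts on
# the same VLAN. Run in an elevated PowerShell on 192.168.6.20 (the SQL host).
# Assumption: the SQL service is Microsoft SQL Server on its default TCP port 1433;
# change $sqlPort to the port your DBMS actually uses.

$peer    = '192.168.6.15'           # the host to be blocked (from the thread)
$sqlPort = 1433                     # assumed: MS SQL Server default port
$name    = "Block SQL from $peer"   # example rule name, chosen here

# Block inbound TCP to the SQL port from the peer address only. Every other port and
# every other source address on VLAN 6 is unaffected by this rule.
New-NetFirewallRule -DisplayName $name `
    -Direction Inbound -Action Block -Enabled True `
    -Protocol TCP -LocalPort $sqlPort -RemoteAddress $peer `
    -Profile Any | Out-Null

# Verify the rule exists, is enabled, and carries the expected address and port filters.
$rule = Get-NetFirewallRule -DisplayName $name
$rule | Select-Object DisplayName, Enabled, Direction, Action
$rule | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
$rule | Get-NetFirewallPortFilter    | Select-Object Protocol, LocalPort

# Check from the blocked host (run on 192.168.6.15): TcpTestSucceeded should be False,
# while the same test against a port not covered by the rule still succeeds.
# Test-NetConnection -ComputerName 192.168.6.20 -Port 1433
```

If SQL runs on both hosts, create the mirror rule on 192.168.6.15 with `-RemoteAddress 192.168.6.20`. The caveat Rohit raises about users editing local firewall settings is usually handled by pushing the rule through Group Policy (Computer Configuration > Windows Defender Firewall with Advanced Security), which prevents local overrides on domain-joined machines.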

Hello Rohit,

Thank you for your reply.

So if I'm getting you correctly, you're confirming that there's absolutely NO WAY to block SQL traffic between two hosts on the same VLAN using the Cisco 4503? Not even using Access Maps?

Regards,

Raymond

Dear Raymond,

We configure MAC-based access lists and implement them using an Access Map; thus VLAN Access Maps are essentially used to filter Layer 2 information. It will not work in your case.

Regards

Rohit

Rohit,

Thank you for your help.

Regards,

Raymond

My pleasure dear Raymond, thanks for the rating :-)
