Block particular traffic between two ports in a switch

Unanswered Question
Dec 21st, 2008

Two access devices of the same type are connected to two ports of a switch. The uplink of the switch goes to an MPLS edge router. The access devices are sharing some common VLANs of the edge router. When the devices communicate with each other via the common VLANs, they normally communicate via the switch, and the traffic does not go to the router. My requirement is to block a particular VLAN's communication between the access ports.

Giuseppe Larosa Sun, 12/21/2008 - 04:27

Hello Senthilkumar,

Private VLANs could help:

Additional secondary VLANs of type isolated or community can be used to allow device-to-gateway communication only.


However, if the edge device is performing VRF lite (multi-VRF CE), you can add new VLANs and new SVIs or subinterfaces on the edge device, which allows IP address overlapping in different non-communicating VRFs.

Hope to help


mvillarreal_burwood Sat, 01/24/2009 - 15:23

Use the switchport protected command on the switch for each port, and the switch will not forward traffic to the other protected port; you can also do a switchport block multicast or switchport block unicast to block unknown multicast or unicast traffic to those ports.
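The protected-port approach from the reply above as a Catalyst IOS configuration (an added example, not config posted by either respondent), assuming the two access devices sit on GigabitEthernet0/1 and 0/2, the router uplink on 0/24, and shared VLANs 10, 20 and 30; all of these names and IDs are constructed for the example.

```cisco
! Both access-device ports become protected ports. A protected port never
! forwards unicast, multicast or broadcast frames to another protected port
! on the same switch; traffic to the (unprotected) uplink is unaffected.
! Interface names and VLAN IDs are constructed for this example.
interface GigabitEthernet0/1
 description Access device A (constructed)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 switchport protected
 switchport block unicast
 switchport block multicast
!
interface GigabitEthernet0/2
 description Access device B (constructed)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 switchport protected
 switchport block unicast
 switchport block multicast
!
interface GigabitEthernet0/24
 description Uplink to MPLS edge router (constructed)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
! Verification: "Protected: true", "Unknown unicast blocked: enabled" and
! "Unknown multicast blocked: enabled" should appear in the output of
!   show interfaces GigabitEthernet0/1 switchport
! (On platforms that only support 802.1Q, the "switchport trunk
!  encapsulation dot1q" line is not accepted and can be omitted.)
```

Protection is per port, not per VLAN: with this configuration the two devices cannot exchange frames directly in any of VLANs 10, 20 or 30, so if only one of the shared VLANs must be isolated, the private-VLAN approach from the first reply is the finer-grained option.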

