IP blocking in same VLAN - Urgent

Unanswered Question
Jun 11th, 2009

I have A, B, C IPs in a VLAN. I want to block communication between A and B, C only. Is it possible? A is a firewall and B, C are ISA servers. I found that while B and C communicate, my firewall A gets 100% utilized. Communication is passing through firewall A.

gajanangavli Thu, 06/11/2009 - 21:11

Thanks for reply.

Is it not possible to block communication between devices living in the same VLAN?

B, C should not communicate with A, but with all others living in the same VLAN?

Leo Laohoo Thu, 06/11/2009 - 21:33

You can block with IP, but do you have a Layer 3 switch or a router?

gajanangavli Thu, 06/11/2009 - 21:51

I have a 6500 as core, but as this communication should be only L2, why are B, C trying to communicate through my firewall A? B, C are on the same switch whereas A is on a different switch, but all are in the same VLAN.

carl_townshend Fri, 06/12/2009 - 00:42

If you want to filter traffic inside a VLAN, then you need to use a VLAN map and a VLAN filter.

kishan1984 Fri, 06/12/2009 - 00:52

There are 2 ways you can do this: one is to use a private VLAN (use an isolated VLAN for the firewall) and another is to use a VLAN access map. I think the VLAN access map is the easiest to do. Create VACLs and apply them to your VLAN globally.

pauloroque Fri, 06/12/2009 - 05:46

Please tell us: are A, B and C in the same IP subnet?

If yes:

* B must reach C directly, and should not use A.

* Check the IP subnet masks on A, B and C.

If not:

* You will need an L3 device to route between B and C. If this L3 device is your firewall, you can't block communication between A and B, C.

Paulo Roque

gajanangavli Fri, 06/12/2009 - 05:52

They are in the same subnet, and the subnet is configured correctly. B and C are servers; they need to communicate, but this communication is affecting the firewall A. This should not happen at switch level. Once the switch knows where B and C are, it should send the traffic directly to that port.

pauloroque Fri, 06/12/2009 - 07:10

Hi gajanangavli,

This is my point! If they are in the same IP subnet, there is no reason for them to interfere with or use the firewall. If they are interfering with the firewall, there is something weird here. Again, check the subnet masks on all devices.
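For reference, here is what the VLAN access-map approach that carl_townshend and kishan1984 describe looks like on a Catalyst 6500 running IOS. This is an added example, not configuration posted in the thread; the VLAN number and the A/B/C addresses are placeholders.

```cisco
! Added example, not from the thread. Assumed placeholders:
!   VLAN 10, A = 10.0.10.1 (firewall), B = 10.0.10.2, C = 10.0.10.3 (ISA servers)
! In a VACL, the "permit" entries of the ACL define which flows a map
! sequence MATCHES; the sequence's "action" decides what happens to them.
ip access-list extended VACL-A-BC
 permit ip host 10.0.10.2 host 10.0.10.1
 permit ip host 10.0.10.3 host 10.0.10.1
 permit ip host 10.0.10.1 host 10.0.10.2
 permit ip host 10.0.10.1 host 10.0.10.3
!
! Sequence 10 drops B<->A and C<->A. Sequence 20 has no match clause, so it
! matches everything else (including B<->C) and forwards it. Without an
! explicit forward entry, unmatched traffic in the VLAN is dropped by the
! VACL's implicit deny, which would cut off the whole VLAN.
vlan access-map VLAN10-FILTER 10
 match ip address VACL-A-BC
 action drop
vlan access-map VLAN10-FILTER 20
 action forward
!
! Apply the map to the VLAN. VACLs filter bridged (intra-VLAN) traffic, so
! configure it on the switch that actually bridges the B/C-to-A frames.
vlan filter VLAN10-FILTER vlan-list 10
!
! Verify that the map and the filter are in place:
!   show vlan access-map VLAN10-FILTER
!   show vlan filter
```

If B-to-C traffic really does transit A, then B and C are sending each other's traffic to A as a next hop (a mask or route problem, as Paulo says); this filter would drop that traffic rather than make B and C talk directly, so check the masks first.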
