VLAN lockdown

Unanswered Question
Jun 16th, 2009

I would like to lockdown our seperate vlans. Right now any vlan can ping any vlan and any host within... so obviously this is not a regular vlan configuration.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
thotsaphon Tue, 06/16/2009 - 10:20


Each vlan has its own interface vlan at the core switch. Right? If yes,They can talk to each other via their gateway(int vlan). If you want to block talking between them,then you may think about ACL.



nick.franzen Tue, 06/16/2009 - 11:51

One way is through ACLs, the other way, if you are using a L3 capable switch, is to not create a SVI for the seperate VLans. I have a guest network vlan that I have set up that way. You will need to handle the routing at your gateway but it works well for me.


This Discussion