vlan security

Answered Question
Oct 19th, 2009

i have a requirement to do security on specific vlan. Only this segment needs to go out to access some applications.

Can i do it by creating a layer2 vlan which would not allow it to mingle with other segments within?

Please advise if this is fine or if there is any other way to do this.


sharma16031981 Mon, 10/19/2009 - 20:03


Use an access list matching your internal host IPs and the hosts on the other subnet. You can just allow port-specific access with an extended list.

You need to apply the access list on the L3 interface for that VLAN.


suthomas1 Mon, 10/19/2009 - 22:03

Apparently, we're trying to do away with L3 here and just have an L2 VLAN which would restrict the movement to within that VLAN itself. But to further restrict within that VLAN, do we have an option?


Jon Marshall Mon, 10/19/2009 - 22:13

"But further to restrict within that vlan , do we have an option."

Yes, you can use VLAN access lists (VACLs), which allow you to control traffic between hosts within the same VLAN. Which switch are you using? If you look at the configuration guide for your switch there will be examples of using VACLs.
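An added configuration example, not from the thread, showing both approaches side by side: the extended ACL on the Layer 3 VLAN interface from the first reply, and a VACL that additionally restricts traffic between hosts inside the VLAN, which an interface ACL never sees. The VLAN number, subnets, server addresses and ACL names are constructed placeholders, and the syntax assumes a Catalyst switch running IOS that supports `vlan access-map`.

```cisco
! Added example (not the thread's own config). Constructed values:
! VLAN 100 = 10.100.0.0/24 with gateway 10.100.0.1; permitted application
! servers 10.200.0.10 (HTTPS) and 10.200.0.20 (MS SQL) in another subnet.
!
! 1) ACL on the L3 interface (first reply): hosts in VLAN 100 may only reach
!    the two application servers on specific ports. Everything else that
!    leaves the VLAN through the SVI is dropped and logged.
ip access-list extended VLAN100-OUTBOUND
 permit tcp 10.100.0.0 0.0.0.255 host 10.200.0.10 eq 443
 permit tcp 10.100.0.0 0.0.0.255 host 10.200.0.20 eq 1433
 permit udp 10.100.0.0 0.0.0.255 host 10.200.0.1 eq domain
 deny   ip any any log
!
interface Vlan100
 ip address 10.100.0.1 255.255.255.0
 ip access-group VLAN100-OUTBOUND in
!
! 2) VACL (second reply): host-to-host traffic inside VLAN 100 never crosses
!    the SVI, so it is filtered with a VLAN access map instead. Hosts may
!    talk to the gateway; any other intra-subnet IP traffic is dropped.
ip access-list extended VLAN100-TO-GATEWAY
 permit ip 10.100.0.0 0.0.0.255 host 10.100.0.1
 permit ip host 10.100.0.1 10.100.0.0 0.0.0.255
ip access-list extended VLAN100-INTRA
 permit ip 10.100.0.0 0.0.0.255 10.100.0.0 0.0.0.255
!
vlan access-map VLAN100-MAP 10
 match ip address VLAN100-TO-GATEWAY
 action forward
vlan access-map VLAN100-MAP 20
 match ip address VLAN100-INTRA
 action drop
! Entry with no match clause: everything else (traffic to or from the
! application servers, which is then subject to the SVI ACL) is forwarded.
vlan access-map VLAN100-MAP 30
 action forward
!
vlan filter VLAN100-MAP vlan-list 100
```

Verify the map and its binding with `show vlan access-map` and `show vlan filter`; note that the VACL is applied to all packets bridged within or routed into VLAN 100 regardless of direction, so the reply traffic from the application servers falls through to entry 30.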


arumugasamy Tue, 10/20/2009 - 00:36

Thanks for your info.

We already opened the TAC case and they asked to use ACL to allow only this LMS to poll the device. It is coming from only one device not from all.

Should I remove all the snmp config from the switch and re-apply it?

Shall I copy the same config from the working core 01 and apply to the second core 02?

Could you provide the patch URL page?
