10-19-2009 07:41 PM - edited 03-06-2019 08:11 AM
I have a requirement to do security on a specific VLAN. Only this segment needs to go out to access some applications.
Can I do it by creating a layer 2 VLAN which would not allow it to mingle with other segments within?
Please advise if this is fine or if there is any other way to do this.
Thanks!
10-19-2009 08:03 PM
hi,
Use an access list matching your internal host IPs and the hosts on the other subnet. You can just allow port-specific access with an extended list.
You need to apply the access list on the L3 interface for that VLAN.
Hemant
10-19-2009 10:03 PM
Apparently, we're trying to do away with L3 here and just have an L2 VLAN which would restrict the movement within that VLAN itself. But further to restrict within that VLAN, do we have an option?
Thanks!
10-19-2009 10:13 PM
"But further to restrict within that vlan , do we have an option."
Yes, you can use VLAN access lists (VACLs), which allow you to control traffic between hosts within the same VLAN. Which switch are you using? If you look at the configuration guide for your switch there will be examples of using VACLs.
Jon
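Worked example, added here and not taken from any post in the thread, putting both suggestions into Catalyst 6500 IOS configuration: Hemant's extended ACL on the SVI, which only controls what leaves the VLAN at its L3 edge, and Jon's VACL, which filters every frame switched within the VLAN, including host-to-host traffic on the same VLAN, and so works even when the VLAN has no SVI. All VLAN numbers, addresses, ACL and access-map names and ports are constructed for illustration and are not from the original question.

```cisco
! === Option A (Hemant): ACL on the L3 interface of the VLAN ===
! Filters traffic that is routed out of VLAN 10 towards other subnets.
! It never sees host-to-host traffic inside VLAN 10, which is bridged.
ip access-list extended VLAN10-OUTBOUND
 remark only the application servers, only the application ports
 permit tcp 10.10.10.0 0.0.0.255 host 10.20.0.5 eq 443
 permit tcp 10.10.10.0 0.0.0.255 host 10.20.0.6 eq 1521
 permit udp 10.10.10.0 0.0.0.255 host 10.20.0.53 eq domain
 deny   ip any any
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip access-group VLAN10-OUTBOUND in
!
! === Option B (Jon): VACL applied to the whole VLAN ===
! A VACL is stateless and sees both directions of every IP packet in
! VLAN 10, so the replies from the servers must be permitted explicitly.
! Anything inside 10.10.10.0/24 talking to 10.10.10.0/24 matches nothing
! in VLAN10-ALLOWED and falls through to the drop sequence below.
ip access-list extended VLAN10-ALLOWED
 remark hosts -> application servers
 permit tcp 10.10.10.0 0.0.0.255 host 10.20.0.5 eq 443
 permit tcp 10.10.10.0 0.0.0.255 host 10.20.0.6 eq 1521
 permit udp 10.10.10.0 0.0.0.255 host 10.20.0.53 eq domain
 remark application servers -> hosts (return traffic)
 permit tcp host 10.20.0.5 eq 443 10.10.10.0 0.0.0.255
 permit tcp host 10.20.0.6 eq 1521 10.10.10.0 0.0.0.255
 permit udp host 10.20.0.53 eq domain 10.10.10.0 0.0.0.255
 remark DHCP, only if the hosts lease their addresses
 permit udp any eq bootpc any eq bootps
 permit udp any eq bootps any eq bootpc
!
ip access-list extended VLAN10-ANY-IP
 permit ip any any
!
! Sequences are evaluated in order; the first matching sequence wins.
vlan access-map VLAN10-ISOLATE 10
 match ip address VLAN10-ALLOWED
 action forward
vlan access-map VLAN10-ISOLATE 20
 match ip address VLAN10-ANY-IP
 action drop
!
! Attach the map to the VLAN; it takes effect on all ports in VLAN 10.
vlan filter VLAN10-ISOLATE vlan-list 10
!
! Verification
show vlan access-map VLAN10-ISOLATE
show vlan filter
show ip access-lists VLAN10-ALLOWED
```

Two points worth checking before relying on this on a 6500: the VACL above only has IP match clauses, so non-IP frames such as ARP are not filtered by it (the default for a packet type with no VACL entry is to forward), which is what keeps the hosts able to resolve their gateway; and because a VACL is stateless, a missing return-traffic line shows up as an application that connects but never gets an answer, so test each permitted flow in both directions after applying the filter.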
10-19-2009 11:22 PM
It's a 6506 switch.
10-19-2009 11:37 PM
Sunny
Assuming your switch is running IOS -
Jon
10-20-2009 12:36 AM
Thanks for your info.
We already opened the TAC case and they asked to use ACL to allow only this LMS to poll the device. It is coming from only one device not from all.
Should I remove all the snmp config from the switch and re-apply it?
Shall I copy the same config from the working core 01 and apply to the second core 02?
Could you provide the patch URL page?
swami