508 Views, 0 Helpful, 6 Replies

vlan security

suthomas1
Level 6

I have a requirement to do security on a specific VLAN. Only this segment needs to go out to access some applications.

Can I do it by creating a layer 2 VLAN which would not allow it to mingle with other segments within?

Please advise if this is fine or if there is any other way to do this.

Thanks!

1 Accepted Solution
6 Replies

sharma16031981
Level 1

Hi,

Use an access list matching your internal host IPs and hosts on the other subnet. You can just allow port-specific access with an extended list.

You need to apply the access list on the L3 interface for that VLAN.

Hemant

Apparently, we're trying to do away with L3 here and just have an L2 VLAN which would restrict the movement within that VLAN itself. But further, to restrict within that VLAN, do we have an option?

Thanks!

"But further, to restrict within that VLAN, do we have an option?"

Yes, you can use VLAN access lists (VACLs), which allow you to control traffic between hosts within the same VLAN. Which switch are you using? If you look at the configuration guide for your switch there will be examples of using VACLs.

Jon
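The two mechanisms described in the thread, an extended ACL applied to the VLAN's L3 interface (Hemant's reply) and a VACL for traffic that never leaves the VLAN (Jon's reply), as one added configuration example for a Catalyst 6500 running IOS. This is not configuration posted by anyone in the thread or taken from a Cisco guide; the VLAN number, subnet, host addresses, ACL and access-map names are constructed placeholders. If the VLAN has no SVI on this switch (the L2-only design the original poster describes), the first part does not apply and the "gateway" entries in the VACL should name whatever router the hosts actually use.

```cisco
! Added example, not from the thread. VLAN 10, 10.10.10.0/24, the management
! host 10.10.10.5, the SVI 10.10.10.1 and the application server 10.20.20.50
! are all constructed placeholders.
!
! --- Part 1: extended ACL on the VLAN's L3 interface (SVI).
! Controls what leaves VLAN 10 toward other subnets. It never sees host-to-host
! traffic that stays inside VLAN 10, because that traffic is switched, not routed.
ip access-list extended VLAN10-OUT
 remark the segment may reach the application server on HTTPS only
 permit tcp 10.10.10.0 0.0.0.255 host 10.20.20.50 eq 443
 remark everything else from this segment to other subnets is dropped and logged
 deny   ip any any log
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip access-group VLAN10-OUT in
!
! --- Part 2: VACL for traffic that stays inside VLAN 10.
! A VACL is a vlan access-map applied with "vlan filter". It is evaluated for
! packets bridged within the VLAN (and for packets routed into or out of it).
! The IP ACLs below only SELECT traffic; the access-map action decides the fate.
ip access-list extended VLAN10-INTRA-ALLOWED
 remark only the management host may talk to other hosts in the same VLAN
 permit ip host 10.10.10.5 10.10.10.0 0.0.0.255
 permit ip 10.10.10.0 0.0.0.255 host 10.10.10.5
 remark hosts must still reach their default gateway (the SVI, or another router)
 permit ip 10.10.10.0 0.0.0.255 host 10.10.10.1
 permit ip host 10.10.10.1 10.10.10.0 0.0.0.255
!
ip access-list extended VLAN10-INTRA-ALL
 remark any other traffic between two hosts of the same subnet
 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255
!
vlan access-map VLAN10-ISOLATE 10
 match ip address VLAN10-INTRA-ALLOWED
 action forward
vlan access-map VLAN10-ISOLATE 20
 match ip address VLAN10-INTRA-ALL
 action drop
vlan access-map VLAN10-ISOLATE 30
 remark no match clause: matches everything not handled above, including routed
 remark traffic leaving the VLAN (Part 1 decides that) and non-IP frames such as ARP.
 action forward
!
vlan filter VLAN10-ISOLATE vlan-list 10
```

The final sequence with no match clause is the part most often forgotten: a packet that matches no sequence of a VLAN access map is dropped, so without sequence 30 the map would also cut the segment off from the rest of the network and, because the IP ACLs do not select non-IP frames, could interfere with ARP. Order matters as well, since the first matching sequence wins; the management-host and gateway permits must sit before the broad intra-subnet drop. After applying it, verify with `show vlan access-map VLAN10-ISOLATE` and `show vlan filter`, then test from an ordinary host in the VLAN that it can reach 10.20.20.50:443 and the gateway but not a neighbour on the same subnet.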

It's a 6506 switch.

Thanks for your info.

We already opened the TAC case and they asked us to use an ACL to allow only this LMS to poll the device. It is coming from only one device, not from all.

Should I remove all the SNMP config from the switch and re-apply it?

Shall I copy the same config from the working core 01 and apply it to the second core 02?

Could you provide the patch URL page?

swami
