Blocking access to a VLAN

Unanswered Question
Jul 15th, 2010
User Badges:

Is there a quick way to block access to one Vlan?


I have 6 buildings interconnected by fiber.  I am about to add a new building.

For the new building, they should be allowed access to all buildings except building 5 (VLAN 5).

Which switch do I put the restriction on (the one in the new building, or the one in Building 5, or be super paranoid and do both, lol).  What is the command?  (These are connected via trunking ports)


Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
John Blakley Thu, 07/15/2010 - 07:39
User Badges:
  • Purple, 4500 points or more

Do you need to have vlan 5 get access to this building but not the other way around? You can configure an acl on the svi for vlan 5 on your core switch. If you don't need them to have access to vlan 5 at all, don't create the vlan on the switch and don't allow the vlan over the trunk to that switch.


What type of switch is in building 5? L2 or L3? Is there a direct connect from this new building to Building 5 (I'm assuming not.) It may help to have a diagram of what your layout is to so we can see the path the data would take......


HTH,

John

Ganesh Hariharan Thu, 07/15/2010 - 22:42
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Is there a quick way to block access to one Vlan?


I have 6 buildings interconnected by fiber.  I am about to add a new building.

For the new building, they should be allowed access to all buildings except building 5 (VLAN 5).

Which switch do I put the restriction on (the one in the new building, or the one in Building 5, or be super paranoid and do both, lol).  What is the command?  (These are connected via trunking ports)


Thank you.

Hi,


Better thumb rule say apply the ACL near to source that building 6,You can configure acl with permit all and deny vlan 5 subnet and apply to in direction on buliding 6 switch.


Check out the below link for ACL configuration


http://www.cisco.rw/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

Actions

This Discussion