Blocking access to a VLAN

townofnewmarket · ‎07-15-2010

Is there a quick way to block access to one Vlan?

I have 6 buildings interconnected by fiber. I am about to add a new building.

For the new building, they should be allowed access to all buildings except building 5 (VLAN 5).

Which switch do I put the restriction on (the one in the new building, or the one in Building 5, or be super paranoid and do both, lol). What is the command? (These are connected via trunking ports)

Thank you.

John Blakley · ‎07-15-2010

Do you need to have vlan 5 get access to this building but not the other way around? You can configure an acl on the svi for vlan 5 on your core switch. If you don't need them to have access to vlan 5 at all, don't create the vlan on the switch and don't allow the vlan over the trunk to that switch.

What type of switch is in building 5? L2 or L3? Is there a direct connect from this new building to Building 5 (I'm assuming not.) It may help to have a diagram of what your layout is to so we can see the path the data would take......

HTH,

John

HTH, John *** Please rate all useful posts ***

Ganesh Hariharan · ‎07-15-2010

Is there a quick way to block access to one Vlan?

I have 6 buildings interconnected by fiber. I am about to add a new building.

For the new building, they should be allowed access to all buildings except building 5 (VLAN 5).

Which switch do I put the restriction on (the one in the new building, or the one in Building 5, or be super paranoid and do both, lol). What is the command? (These are connected via trunking ports)

Thank you.

Hi,

Better thumb rule say apply the ACL near to source that building 6,You can configure acl with permit all and deny vlan 5 subnet and apply to in direction on buliding 6 switch.

Check out the below link for ACL configuration

http://www.cisco.rw/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

Hope to Help !!

Ganesh.H

Remember to rate the helpful post