New Member

InterVLAN Firewall Options

Good morning,

I am seeking advice regarding firewall capabilities between internal VLANs.  I currently have a collapsed core architecture with a single core switch (4500 series).  All internal VLAN SVIs reside on the core switch.  I'm using access lists to restrict interVLAN communications, but I am wondering what other options I have.  The only thing I can think of is to move the VLAN SVIs to an ASA.  Is that a recommended approach?  Any other suggestions would be greatly appreciated.

Thanks.

1 REPLY
Hall of Fame Super Silver

InterVLAN Firewall Options

What security policy are you trying to implement?

I ask because we seldom see small-medium networks restricting inter-VLAN traffic. We see it sometimes on larger enterprises (with dedicated firewalls for that purpose) and increasingly in data centers separating VMs or subnets ("east-west" firewalling).

An alternative approach is separate VRF instances if the subnets never talk to one another yet share a single core.
