Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Block ALL traffic (inc non-IP) on switch port

I have 2 switches, they are connected via an access port (not trunk). I need to block ANY type of traffic between these 2 switches except a couple of hosts that I could define in an ACL.

say for example the access I wanted to permit across switches is :

192.168.0.1 -> 192.168.100.1

What type of access list configuration and (type) would I need to use to ensure ALL other traffic types where blocked (INCLUDING NON-IP TRAFFIC) ?

Would this be a MAC and/or IP based ACL ?

Presumably on either end of the link as the port based ACL will only filter inbound ?

Would a VLAN map be more extensive ? As this is only a temporary situation, I could (I assume) put a switch in between these 2, with a VLAN map applying only on this switch in the middle (to save complications on the "live" switches).

Any pointers would be appreciated.

2 REPLIES

Re: Block ALL traffic (inc non-IP) on switch port

u could put those host in each switch in the same vlan

lets say vlan 10 in switch1 and 2

make this ports as trunk ports and use the command allwed vlans and allaw only vlan 10 to pass and make sure only those hosts in vlan 10

and if u want another level of sec u can make VLAN ACL VACL that forward traffic betwen those hosts only within vlan 10

good luck

if helpful Rate

New Member

Re: Block ALL traffic (inc non-IP) on switch port

I can't convert the link between the switches into a trunk. I only have access to the config of 1 switch, also the hosts are not directly on the other switch - they are accessible through it.

I am dealing with a provider cloud.

As I need to apply this temporarily, I was prepared to put a switch in between the current 2 switches, in order to have control of the interfaces at either end of link.

Sorry, I didn't expain this before, but I don't think I can create the required affect, by VLAN configuration.

362
Views
0
Helpful
2
Replies