Solved: Can we prevent traffic in a LAN

minh_hieu · ‎09-16-2013

Hi community,

Our customer have many VLANs which have our router subinterfaces as default gateways to the Internet. Now for security reason, our customer want to prevent traffic between hosts in a VLAN. Of course we can divide VLANs into small subnets /30 but our customer doesn't want to change it because it affects to IP of many hosts, servers in their network. Instead, they want us to set access-list in our router to prevent it. My question is if it is possible. In my opinion, it is not.

Thanks and regards,

HIeu

InayathUlla Sharieff · ‎09-17-2013

Types of filtering:

============

VACL:

===========

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.0SY/configuration/guide/vlan_acls.html

http://www.cisco.com/en/US/tech/tk389/tk814/tk838/tsd_technology_support_sub-protocol_home.html

http://www.devilwah.com/2010/08/filtering-the-vlan-traffic/

Private-VLAN:

===========

http://packetlife.net/blog/2010/aug/30/basic-private-vlan-configuration/

http://www.cisco.com/en/US/tech/tk389/tk814/tk840/tsd_technology_support_sub-protocol_home.html

802.1x:

======

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_8021x.html

http://www.cisco.com/en/US/tech/tk955/tsd_technology_support_sub-protocol_home.html

HTH

Regards

Inayath

**Plz rate if this info is helpfull.

View solution in original post

Leo Laohoo · ‎09-16-2013

Yes. IT's possible.

InayathUlla Sharieff · ‎09-16-2013

Agree with Loe many possible ways to prevent this.

amabdelh · ‎09-16-2013

The best way to achieve this is by using private vlans it is much better than using ACLs, easy to configure, manage, and troubleshoot

Sent from Cisco Technical Support iPhone App

minh_hieu · ‎09-17-2013

Thank you all. Can you give me few ways of using ACL to do it? Because as far as I know layer 2 traffic will go directly from host to host using MAC forwarding table, not transit through our router. So how can our router apply ACL for it?