Cisco Support Community

New Member

Command for Bogus VLAN

All, what is the command to set a port in a VLAN that will take the end user nowhere? I am wanting to tighten down security on unused ports. Is there a command that will take the end user only out to the internet?

3 REPLIES
Hall of Fame Super Blue

Re: Command for Bogus VLAN

Hi

If you want to stop a user on the port communicating with any other vlan and only allowing internet traffic you could use an access list on the vlan interface.

If you want to stop a user on the port talking to any other vlan and any machine within the vlan you could look at VACLs, which allow you to filter traffic within a vlan.

What we do here is to shut down all unused ports and allocate them into a vlan that is non-routable. So even if the port is accidentally brought up the user can't get anywhere.

HTH

Jon

New Member

Re: Command for Bogus VLAN

Jon, what is the command line you use to allocate them into a VLAN that is non-routable?

Cisco Employee

Re: Command for Bogus VLAN

You can assign the ports to a vlan using the command below:

Switch# vlan database

Switch(vlan)# vlan x

Switch(vlan)# exit

Switch# config t

Switch(config)# interface range fa 0/1 - 10

Switch(config-if-range)# switchport access vlan x --> a bogus vlan on your switch

Make sure that you don't create an L3 interface for this vlan on your router or L3 switch. This will make sure that your ports are in a separate vlan which is not routable to the internet.

HTH,

-amit singh
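
An added example, not part of the original thread: a small Python audit that checks a saved switch configuration against the two pieces of advice in the replies above (parked ports should also be shut down, and the bogus VLAN must have no L3 interface). The sample configuration is constructed, and VLAN 999 and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample of an IOS-style config; VLAN 999 is the assumed bogus VLAN.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 999
 shutdown
!
interface FastEthernet0/2
 switchport access vlan 999
!
interface FastEthernet0/3
 switchport access vlan 10
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan999
 ip address 10.9.9.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a top-level command closes the stanza
    return interfaces

def audit_parking_vlan(config, vlan):
    """List findings that weaken a non-routable parking VLAN."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if name.lower() == f"vlan{vlan}":
            # Any SVI for the parking VLAN gives it a path to be routed.
            findings.append(f"{name}: L3 interface exists for VLAN {vlan}")
        elif f"switchport access vlan {vlan}" in lines and "shutdown" not in lines:
            findings.append(f"{name}: parked in VLAN {vlan} but not shut down")
    return findings

if __name__ == "__main__":
    for finding in audit_parking_vlan(SAMPLE_CONFIG, 999):
        print(finding)
```
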
