Cisco Support Community

New Member

How to prevent leakage of data between VLANs.

Dear All,

Please, anyone help me.

How to prevent leakage of data between VLANs?

swami

10 REPLIES
New Member

Re: How to prevent leakage of data between VLANs.

????

VLANs can't communicate with other VLANs unless they are routed through a router.

Cisco Employee

Re: How to prevent leakage of data between VLANs.

What is the setup that we are talking about here? What are the switches being used? How about using private VLANs?

http://www.ciscosystems.cd/univercd/cc/td/doc/product/lan/cat3560/12244se/scg/swpvlan.pdf

-amit singh

New Member

Re: How to prevent leakage of data between VLANs.

Mr. Swami,

You can take help of VACLs or VLAN access maps in order to prevent one VLAN's communication with another VLAN. You have to decide very carefully to what extent you need isolation between/among VLANs. You have to design the access lists as per your requirements. Apply all VACL/access-map related commands on your Layer 3 device, which is actually responsible for inter-VLAN routing. Have a look at it:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/122sx/swcg/vacl.htm

--gaurav

New Member

Re: How to prevent leakage of data between VLANs.

Dear Gaurav,

I received the audit report about my branch network from our HO. They said that the spanning tree is not configured correctly.

Could you tell me the best practice to optimize STP for the banking environment?

2 core switches (4507R) with 3750s as edge switches. Internet access through a PIX and a 3800 series router is provided. Total 6 floors, with each floor in a separate VLAN.

Thanks

swami

New Member

Re: How to prevent leakage of data between VLANs.

Hello Swami,

Kindly let me know the topology of your switches and how they are connected. Moreover, make sure of the following configs in your LAN:

1. Make one of the core switches the ROOT bridge and the other one the secondary root bridge for a particular VLAN (for all VLANs separately).

2. Configure the root guard option on all access/edge switches (3750 here).

3. All PC/laptop/server connected ports can be configured with portfast and bpduguard.

4. On all distribution layer switches, configure uplinkfast.

5. Configure backbonefast on all core and distribution switches.

Kindly share your topology with us so that we may understand your needs.

--gaurav
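A check for item 3 of the list above, added here as an example and not code from any poster in this thread: it audits an IOS running-config for host-facing access ports that lack PortFast or BPDU guard. The sample config, interface names and the function name are constructed, and classic IOS keyword syntax is assumed.

```python
import re

# Constructed sample running-config for an edge switch (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/49
 description uplink to core
 switchport mode trunk
"""

def audit_host_ports(config):
    """Map each access port to the item-3 features (portfast, bpduguard) it lacks."""
    lines = config.splitlines() + ["!"]  # trailing "!" closes the last stanza
    top = {l.strip() for l in lines if l and not l.startswith(" ")}
    pf_default = "spanning-tree portfast default" in top
    bg_default = "spanning-tree portfast bpduguard default" in top
    findings, name, body = {}, None, []

    def close():
        if name is None or "switchport mode access" not in body:
            return  # trunks and uplinks are outside item 3
        has_pf = "spanning-tree portfast" in body or (
            pf_default and "spanning-tree portfast disable" not in body)
        # The global bpduguard default only acts on ports that are PortFast-enabled.
        has_bg = "spanning-tree bpduguard enable" in body or (bg_default and has_pf)
        missing = [f for f, ok in (("portfast", has_pf), ("bpduguard", has_bg)) if not ok]
        if missing:
            findings[name] = missing

    for line in lines:
        m = re.match(r"interface (\S+)", line)
        if m or not line.startswith(" "):
            close()  # a new stanza or global line ends the previous interface
            name, body = (m.group(1) if m else None), []
        elif name:
            body.append(line.strip())
    return findings
```

Calling `audit_host_ports(SAMPLE_CONFIG)` flags the second port for missing BPDU guard and the third for missing both, and skips the trunk uplink.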

New Member

Re: How to prevent leakage of data between VLANs.

I agree with Gaurav. But it might be simpler, instead of uplinkfast etc., to implement Rapid Spanning Tree on all the switches.

New Member

Re: How to prevent leakage of data between VLANs.

Gaurav, William,

The topology of the network is not publishable since this belongs to an Intl. Bank.

Let me explain the topology as below:

2 core 4507Rs with dual fiber to each cabinet IDF. A separate VLAN on the core switch is connected to the PIX firewall, and the firewall is connected to the edge Inet router for the leased line and branch office connectivity.

We need to optimize the internal LAN only.

I accept Gaurav's suggestions to implement the STP. Also, I would like to implement MST as per the RFP of the bank.

Please give me last advice on this issue before giving customer the proposal.

Thanks

swami

New Member

Re: How to prevent leakage of data between VLANs.

Dear Swami,

STP (MST/RSTP/PVST/PVST+ etc.) is more concerned with the LAN, so kindly let us know how the core switches and other LAN switches (edge/access switches) are connected. My impression is that you have 2 core switches and some 3750 switches, all connected in a mesh scenario.

Yes, as Bill said, RSTP would give exactly the same services with less headache.

MST is nothing but a mapping of more than one PVST/PVST+ instance to one MST instance.

Have a look at it:

http://www.cisco.com/warp/public/473/147.html

--gaurav

New Member

Re: How to prevent leakage of data between VLANs.

Gaurav,

You are correct. We have 2 core switches, and all the edge switches are connected to both the core switches with dot1q trunks. HSRP is not yet configured. I need to configure the STP optimization like you advised, and MHSRP etc.

Please advise me on the procedures to follow.

Swami

New Member

Re: How to prevent leakage of data between VLANs.

Hi Swami,

I would prefer you to study STP first and then implement it, else it could create a huge hiccup in the network and you will never be able to figure out what happened and where.

BTW, you can take help of this link in configuring STP in an effective manner:

http://www.systemsupportsolutions.com/WhitePapers/RapidSpanningTreeConfiguration.pdf

Kindly rate all the posts which you think have helped you.

--gaurav
