Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
664
Views
0
Helpful
10
Replies

IP blocking in same VLAN - Urgent

gajanangavli
Level 1
Level 1

‎06-11-2009 08:44 PM - edited ‎03-06-2019 06:13 AM

I have A,B,C IP'Sin a vlan.I want to block communication between A and B,C only .Is it possibel.As A is firewall and B,C are ISA servers.I found that while communication B and C my firewall A gets 100% utilized.Communication is passing through firewall A.

Labels:
0 Helpful
10 Replies 10

Leo Laohoo
Hall of Fame
Hall of Fame

‎06-11-2009 09:05 PM

Put B and C in a separate VLAN and prune the allowed VLAN.

0 Helpful

gajanangavli
Level 1
Level 1
In response to Leo Laohoo

‎06-11-2009 09:11 PM

Thanks for reply.

Is it not possible to block communication in that devices living in same vlan.

B,C shouldnot communicate to A but to all , living in same vlan ?

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to gajanangavli

‎06-11-2009 09:33 PM

You can block with IP but do you have a Layer 3 switch or a router?

0 Helpful

gajanangavli
Level 1
Level 1
In response to Leo Laohoo

‎06-11-2009 09:51 PM

I have 6500 as core , but as this communicaiton should be only L2 then why B,C trying to communicate through my firewall A.B,C are on same switch whereas A is on different switch but all are in same VLAN.

0 Helpful

carl_townshend
Spotlight
Spotlight
In response to gajanangavli

‎06-12-2009 12:42 AM

If you want to filter traffic inside a VLAN, than you need to use a VLAN map and a VLAN filter

0 Helpful

networker.cisco
Level 1
Level 1
In response to gajanangavli

‎06-12-2009 06:25 AM

hi,

try configuring Private Vlans could help

rgds/shiva

0 Helpful

kishan1984
Level 1
Level 1

‎06-12-2009 12:52 AM

There are 2 ways u can do this,one is to use private vlan(use isolated vlan for firewall) and another is use vlan access map.i think vlan access map is easiest to do.create VACLS and apply it to your vlan globally.

0 Helpful

pauloroque
Level 1
Level 1

‎06-12-2009 05:46 AM

Please tell us: are A, B and C in the same IP subnet?

If yes

* B must reach C directly, and should not use A.

* Check the ip subnet masks on both A, B and C.

If not

* You will need a L3 device to route between B a C. If this L3 device is your firewall, you can't block communication between A and B,C.

Paulo Roque

0 Helpful

gajanangavli
Level 1
Level 1
In response to pauloroque

‎06-12-2009 05:52 AM

they are in same subnet.subnet configure correctly.B and C are Server , they need to communicate , but this communication is affecting the Firewall A.This should not happen at switch level.Once switch know where is B and c it should send directly traffic on that port.

0 Helpful

pauloroque
Level 1
Level 1
In response to gajanangavli

‎06-12-2009 07:10 AM

Hi gajanangavli,

This is my point! If they are in the same IP subnet, there is no reason for they interfere with or use the firewall. If they are interfering with the firewall there is something weird here. Again check the subnet masks in all devices.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card