Cisco Support Community
Community Member

IP blocking in same VLAN - Urgent

I have A, B, C IPs in a VLAN. I want to block communication between A and B, C only. Is it possible? A is a firewall and B, C are ISA servers. I found that while B and C are communicating, my firewall A gets 100% utilized. Communication is passing through firewall A.

10 REPLIES
Hall of Fame Super Gold

Re: IP blocking in same VLAN - Urgent

Put B and C in a separate VLAN and prune the allowed VLAN.

Community Member

Re: IP blocking in same VLAN - Urgent

Thanks for the reply.

Is it not possible to block communication between devices living in the same VLAN?

B, C should not communicate to A but to all, living in the same VLAN?

Hall of Fame Super Gold

Re: IP blocking in same VLAN - Urgent

You can block with IP but do you have a Layer 3 switch or a router?

Community Member

Re: IP blocking in same VLAN - Urgent

I have a 6500 as core, but as this communication should be only L2, why are B, C trying to communicate through my firewall A? B, C are on the same switch whereas A is on a different switch, but all are in the same VLAN.

Community Member

Re: IP blocking in same VLAN - Urgent

If you want to filter traffic inside a VLAN, then you need to use a VLAN map and a VLAN filter.

Community Member

Re: IP blocking in same VLAN - Urgent

Hi,

Try configuring private VLANs; that could help.

rgds/shiva

Community Member

Re: IP blocking in same VLAN - Urgent

There are 2 ways you can do this: one is to use a private VLAN (use an isolated VLAN for the firewall) and another is to use a VLAN access map. I think the VLAN access map is easiest to do. Create VACLs and apply them to your VLAN globally.

Community Member

Re: IP blocking in same VLAN - Urgent

Please tell us: are A, B and C in the same IP subnet?

If yes

* B must reach C directly, and should not use A.

* Check the IP subnet masks on A, B and C.

If not

* You will need a L3 device to route between B and C. If this L3 device is your firewall, you can't block communication between A and B, C.

Paulo Roque

Community Member

Re: IP blocking in same VLAN - Urgent

They are in the same subnet. The subnet is configured correctly. B and C are servers; they need to communicate, but this communication is affecting the firewall A. This should not happen at switch level. Once the switch knows where B and C are, it should send traffic directly on that port.

Community Member

Re: IP blocking in same VLAN - Urgent

Hi gajanangavli,

This is my point! If they are in the same IP subnet, there is no reason for them to interfere with or use the firewall. If they are interfering with the firewall, there is something weird here. Again, check the subnet masks on all devices.
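
The subnet-mask check suggested in the replies above, as an added example that is not part of the original thread: it works out, from each host's own address and mask, whether a host delivers to its peer directly or hands the traffic to the gateway. The addresses, the wrong /25 mask on C and the assumption that firewall A is the servers' default gateway are constructed for illustration.

```python
import ipaddress
from itertools import permutations

# Constructed sample data (not from the thread): A is the firewall and assumed
# default gateway, B and C are the servers. C carries a deliberately wrong /25.
INTENDED = ipaddress.ip_network("192.0.2.0/24")
GATEWAY = ipaddress.ip_address("192.0.2.1")
HOSTS = {
    "A": ipaddress.ip_interface("192.0.2.1/24"),
    "B": ipaddress.ip_interface("192.0.2.200/24"),
    "C": ipaddress.ip_interface("192.0.2.20/25"),
}

def next_hop(src, dst_ip, gateway=GATEWAY):
    """Return where src sends traffic for dst_ip: the peer itself if the
    destination is on-link by src's own mask, otherwise the gateway."""
    return dst_ip if dst_ip in src.network else gateway

def audit(hosts, intended=INTENDED, gateway=GATEWAY):
    """List mask mismatches and host pairs whose traffic detours via the gateway."""
    findings = []
    for name, iface in hosts.items():
        if iface.network != intended:
            findings.append(f"{name}: mask /{iface.network.prefixlen} gives "
                            f"{iface.network}, expected {intended}")
    for (s, s_if), (d, d_if) in permutations(hosts.items(), 2):
        if gateway in (s_if.ip, d_if.ip):
            continue  # traffic to or from the gateway itself is not a detour
        if next_hop(s_if, d_if.ip, gateway) == gateway:
            findings.append(f"{s} -> {d}: sent via gateway {gateway}")
    return findings

if __name__ == "__main__":
    for line in audit(HOSTS):
        print(line)
```

With the sample data only the C to B direction detours, because each host decides on-link versus off-link from its own mask; a single wrong mask is enough to push one direction of the conversation through the firewall.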
