I have A, B, C IPs in a VLAN. I want to block communication between A and B, C only. Is it possible? A is a firewall and B, C are ISA servers. I found that while B and C are communicating, my firewall A gets 100% utilized. Communication is passing through firewall A.
Thanks for the reply.
Is it not possible to block communication between those devices living in the same VLAN?
B, C should not communicate to A but to all, living in the same VLAN?
I have a 6500 as core, but as this communication should be only L2, why are B, C trying to communicate through my firewall A? B, C are on the same switch whereas A is on a different switch, but all are in the same VLAN.
There are 2 ways you can do this: one is to use a private VLAN (use an isolated VLAN for the firewall) and another is to use a VLAN access map. I think the VLAN access map is easiest to do. Create VACLs and apply them to your VLAN globally.
Please tell us: are A, B and C in the same IP subnet?
* B must reach C directly, and should not use A.
* Check the IP subnet masks on A, B and C.
* You will need an L3 device to route between B and C. If this L3 device is your firewall, you can't block communication between A and B, C.
They are in the same subnet. The subnet is configured correctly. B and C are servers; they need to communicate, but this communication is affecting the firewall A. This should not happen at switch level. Once the switch knows where B and C are, it should send traffic directly on that port.
This is my point! If they are in the same IP subnet, there is no reason for them to interfere with or use the firewall. If they are interfering with the firewall, there is something weird here. Again, check the subnet masks on all devices.
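The subnet mask check suggested in the thread, as an added example that is not part of any post above: for each pair of hosts it works out whether the sender treats the peer as on-link or hands the frame to its default gateway. All addresses, masks and the gateway are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def next_hop(src_if, dst_ip, gateway):
    """Return "direct" if the sender sees dst_ip as on-link, else the gateway IP.

    src_if is the sender's address with its own mask, e.g. "192.0.2.20/24".
    A host decides on-link vs. routed using only its OWN mask.
    """
    network = ipaddress.ip_interface(src_if).network
    return "direct" if ipaddress.ip_address(dst_ip) in network else gateway

def audit(hosts, gateway):
    """List (src, dst, gateway) for every pair that would go via the gateway."""
    findings = []
    for src_name, src_if in hosts.items():
        for dst_name, dst_if in hosts.items():
            if src_name == dst_name:
                continue
            dst_ip = str(ipaddress.ip_interface(dst_if).ip)
            hop = next_hop(src_if, dst_ip, gateway)
            if hop != "direct":
                findings.append((src_name, dst_name, hop))
    return findings

# Constructed sample data: A is the firewall / default gateway.
GATEWAY_A = "192.0.2.129"

# Both servers carry the intended /24 mask.
CORRECT = {"B": "192.0.2.20/24", "C": "192.0.2.200/24"}

# C was given a /25 by mistake: B (.20) now falls outside C's network,
# so C sends its traffic for B to the firewall while B still answers directly.
MISCONFIGURED = {"B": "192.0.2.20/24", "C": "192.0.2.200/25"}

if __name__ == "__main__":
    for label, hosts in (("correct", CORRECT), ("misconfigured", MISCONFIGURED)):
        result = audit(hosts, GATEWAY_A)
        print(label, "->", result or "all traffic stays on L2")
```

An empty result means every pair resolves the peer with ARP and the switch forwards the frames port to port; any entry names the direction in which traffic is being pushed through the firewall.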