05-22-2012 06:22 PM - edited 03-07-2019 06:51 AM
Hi guys,
I have a 3750 switch with IP routing enabled and have lots of VLANs configured on this switch.
What is the best way to prevent VLANs from talking to each other?
At the same time, hosts inside their respective VLANs should not be blocked from reaching any private networks as they could be doing some L2L with another site.
Blocking the VLANs from accessing/telnetting the switch was very simple, as I was able to do this in the VTY line section. However, blocking VLANs from accessing the other VLANs on the switch seems to be hard, and I think there has to be a recommended way of doing this. For example, if hosts in one of my VLANs, in this case VLAN-204 (10.10.10.0/24), want to hack or scan hosts on one of my other VLANs, in this case VLAN-330 (10.20.20.0/24), how can I accomplish this without blocking VLAN-204 hosts from accessing another network they have a site-to-site tunnel with, with the same destination address of 10.20.20.0?
thanks
bigcat
06-01-2012 10:53 PM
Hey bigcat,
I see an ACL, source routing, or VRF (but on the 3750 only possible in software) to achieve your goals. At the moment I have no other idea; it would be very helpful to get a complete overview of the situation and of which traffic should be allowed and which has to be blocked.
regards,
Sebastian
Please rate if that helps.
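Added example, not posted by anyone in the thread: an IOS configuration sketch for the two approaches Sebastian names that fit bigcat's case. A plain ACL works for VLANs whose destinations are unambiguous, but it cannot tell the local 10.20.20.0/24 on VLAN-330 apart from the remote 10.20.20.0/24 behind the tunnel, since both are the same prefix. VRF-lite solves that by giving VLAN-204 its own routing table that simply has no entry for the local VLAN-330 SVI. Everything below except the two subnets and VLAN IDs from the question is assumed: the VRF name, the transit VLAN 900, the addresses 10.10.10.1, 192.168.90.1 and 192.168.90.2, and that the site-to-site VPN device is reachable on that transit VLAN. On a 3750, VRF-lite needs the routing SDM template (a reload) and a feature set that includes it (IP Services on the classic 3750); check `show sdm prefer` and `show version` first.

```cisco
! --- Part 1: ACL for a VLAN with no overlapping destinations (assumed VLAN 330) ---
! Deny traffic to the other local VLAN(s), allow everything else (internet, tunnels).
ip access-list extended VLAN330-NO-LOCAL
 remark Assumed example: block VLAN-330 hosts from reaching VLAN-204 only
 deny   ip 10.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
 permit ip any any
!
interface Vlan330
 ip address 10.20.20.1 255.255.255.0
 ip access-group VLAN330-NO-LOCAL in
!
! --- Part 2: VRF-lite for VLAN 204, whose remote destination overlaps a local VLAN ---
! Requires the routing template; this command needs a reload to take effect.
sdm prefer routing
!
ip vrf VLAN204-VRF
 rd 1:204
!
interface Vlan204
 description Hosts 10.10.10.0/24, isolated from all local VLANs
 ip vrf forwarding VLAN204-VRF
 ! "ip vrf forwarding" clears the SVI address, so it must be (re-)entered afterwards
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan900
 description Assumed transit VLAN to the site-to-site VPN device (192.168.90.2)
 ip vrf forwarding VLAN204-VRF
 ip address 192.168.90.1 255.255.255.0
!
! The only route in this VRF points at the VPN device. Local 10.20.20.0/24 on
! Vlan330 lives in the global table, so VLAN-204 hosts have no path to it at all,
! while 10.20.20.0/24 at the remote site is reached through the tunnel.
ip route vrf VLAN204-VRF 0.0.0.0 0.0.0.0 192.168.90.2
!
! --- Verification ---
show ip route vrf VLAN204-VRF
show ip vrf interfaces
show ip access-lists VLAN330-NO-LOCAL
```

Two caveats a practitioner should check: the VPN device must have a return route for 10.10.10.0/24 via 192.168.90.1, and since VLAN 900 is now inside the VRF, any other VLAN that also needs that VPN device must reach it over a separate interface or VLAN in the global table (or via controlled route leaking, which is a different exercise). The ACL in part 1 still does nothing for the overlapping case, which is exactly why VLAN 204 gets the VRF instead of an ACL.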
06-02-2012 02:14 AM
Please use private VLANs. This will be your best bet in addition to what Seb has mentioned above.
Hope this helps.
Cheers,
-amit singh
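Added example, not posted by anyone in the thread: what a private VLAN setup for VLAN-204 looks like on a 3750, to make clear what it does and does not isolate. Private VLANs stop hosts in the same primary VLAN from talking to each other at Layer 2 (isolated ports can reach only the promiscuous side, here the SVI); they do not filter traffic that the switch routes between different SVIs, so VLAN-204 to VLAN-330 traffic still needs the ACL or VRF from the earlier reply. The isolated VLAN ID 2041, the port range and the SVI address are assumptions; VLAN 204 and 10.10.10.0/24 come from the question.

```cisco
! Private VLANs on the 3750 require VTP transparent mode.
vtp mode transparent
!
! Assumed: VLAN 204 becomes the primary, VLAN 2041 its isolated secondary.
vlan 204
 private-vlan primary
 private-vlan association 2041
!
vlan 2041
 private-vlan isolated
!
! Assumed host ports. Isolated ports cannot talk to each other, only to the
! promiscuous side (the SVI below), so host-to-host scanning inside VLAN 204 stops.
interface range GigabitEthernet1/0/1 - 24
 switchport mode private-vlan host
 switchport private-vlan host-association 204 2041
!
! The SVI is the gateway and acts as the promiscuous point for the isolated VLAN.
! Routed traffic leaving here toward other SVIs is NOT filtered by the private VLAN.
interface Vlan204
 ip address 10.10.10.1 255.255.255.0
 private-vlan mapping 2041
!
! --- Verification ---
show vlan private-vlan
show interfaces GigabitEthernet1/0/1 switchport
```

Use this together with the ACL/VRF approach, not instead of it: the private VLAN answers "hosts in VLAN-204 should not reach each other", while bigcat's question about VLAN-204 reaching VLAN-330 is answered by the routing-table side.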