Cisco Support Community

PVLAN Isolated VLANs and Ports

Due to the wonderful world of PCI Compliance, I have a need to set up a way to block traffic between hosts on a specific subnet at layer 2, so that each host cannot communicate with another host in its same subnet at layer 2. As I understand it, isolated Private VLAN ports should do the trick, right ... However, we have a wonderful Microsoft application running on each host called Lync. Lync says if I want to Instant Message a host in my same subnet, I will connect directly to the host and not an external server.

So this brings me to my question: is there a way I can use some sort of ACL at Layer 3 or Layer 2 that would allow the isolated PVLAN to inspect and allow TCP traffic for a certain port and deny all others within that subnet? Or is there another way around implementing PVLANs to achieve the goal here?

Your input is much appreciated on this topic.
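One way to get the behaviour the question asks for on a Catalyst running IOS, added here as an example and not taken from the thread or from Cisco's own documentation: an isolated PVLAN removes direct host-to-host forwarding at layer 2, and `ip local-proxy-arp` on the primary-VLAN SVI makes the gateway answer ARP for same-subnet peers, so intra-subnet unicast is routed through the SVI where an ordinary IP ACL can permit only the one TCP port and deny (and log) everything else. The VLAN numbers (100 primary, 101 isolated), subnet 10.1.1.0/24, interface names and TCP port 5555 are all assumptions; 5555 is a placeholder for whatever port the application actually uses.

```cisco
! Added example, not from the original post. Assumptions: primary VLAN 100,
! isolated VLAN 101, hosts in 10.1.1.0/24, gateway 10.1.1.1, TCP port 5555
! as a placeholder for the application's port.
vtp mode transparent
!
vlan 101
 private-vlan isolated
!
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Host ports: isolated members cannot forward to each other at layer 2
interface range GigabitEthernet1/0/1 - 24
 description PCI hosts (isolated PVLAN ports)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! The primary-VLAN SVI is the gateway and the promiscuous side of the PVLAN
interface Vlan100
 ip address 10.1.1.1 255.255.255.0
 private-vlan mapping 101
 ! Answer ARP for same-subnet peers so hosts send intra-subnet traffic to
 ! the gateway MAC instead of trying to reach the peer directly at layer 2
 ip local-proxy-arp
 ! Do not tell hosts to bypass the gateway for the hairpinned traffic
 no ip redirects
 ip access-group PCI-INTRA-SUBNET in
!
! Only the one application port is allowed between hosts in the subnet;
! other intra-subnet traffic is denied and logged, traffic leaving the
! subnet is unaffected
ip access-list extended PCI-INTRA-SUBNET
 remark placeholder port 5555: replace with the port the application uses
 permit tcp 10.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255 eq 5555
 permit tcp 10.1.1.0 0.0.0.255 eq 5555 10.1.1.0 0.0.0.255
 deny ip 10.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255 log
 permit ip 10.1.1.0 0.0.0.255 any
```

To check it, `show vlan private-vlan` should list 100/101 with the host ports, `show ip arp` on a host should show the gateway's MAC for a same-subnet peer, and `show ip access-lists PCI-INTRA-SUBNET` should show hit counts climbing on the `deny ... log` line when a host tries anything other than the permitted port. Note that only unicast hairpinned through the gateway is filtered this way; broadcast and multicast between isolated hosts stay blocked outright, so an application that discovers peers by broadcast will not find them.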


PVLAN Isolated VLANs and Ports

What two systems are you trying to isolate from each other? I have a few clients that adhere to PCI and we have never had to isolate two systems from each other at L2. There may be a better design or another way to filter.