
Restrict access to sensitive VLANs

vd123_cisco
Level 1

Hi All,

We have a network of 30 VLANs and currently all the VLANs have access to everything. We are using a Cisco 6509 switch for Layer 3 routing.

I would like to prevent some VLANs from accessing the server VLANs. Can anyone advise how I can restrict access to the server VLANs?

Do I need to implement access-lists on the 6500 switch, or do I need to create VLANs on the firewall so that all traffic is filtered?

Thanks

Jay

3 Replies

Sandeep Choudhary
VIP Alumni

Use an ACL on this Layer 3 switch to block some VLANs from accessing the server VLAN.

Regards

lgijssel
Level 9

You can use both solutions, but with everything in one routing domain it will be somewhat cumbersome to allow exactly the traffic that you want. There is a third option, namely to place the VLANs which need to be filtered in a different context using VRF-lite.

You may then use the firewall to route and filter traffic. Please check this example:

http://www.cisco.com/en/US/products/hw/modules/ps2797/products_tech_note09186a0080b6216e.shtml

regards,

Leo

vd123_cisco
Level 1

Thank you for the replies, guys.

Can you confirm if the access-lists will go under the VLAN interfaces on the 6500 switch?

Thanks

Jay
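
The ACL approach discussed in this thread, applied on the Layer 3 switch's VLAN interfaces (SVIs), shown as an added example that is not from any of the posters. The VLAN numbers, subnets, server addresses and ACL names are constructed assumptions.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 10   users     10.1.10.0/24
!   VLAN 20   guests    10.1.20.0/24
!   VLAN 100  servers   10.1.100.0/24
!
! Users: only DNS and HTTPS to two named servers, nothing else in the server VLAN.
ip access-list extended USERS-IN
 remark DNS to 10.1.100.10, HTTPS to 10.1.100.20
 permit udp 10.1.10.0 0.0.0.255 host 10.1.100.10 eq domain
 permit tcp 10.1.10.0 0.0.0.255 host 10.1.100.20 eq 443
 remark everything else toward the server VLAN is dropped
 deny   ip any 10.1.100.0 0.0.0.255
 remark routing to all other VLANs stays as it is today
 permit ip any any
!
! Guests: no access to the server VLAN at all.
ip access-list extended GUESTS-IN
 deny   ip any 10.1.100.0 0.0.0.255
 permit ip any any
!
! "in" on an SVI filters packets arriving from hosts in that VLAN
! before they are routed, so the drop happens at the source VLAN.
interface Vlan10
 ip access-group USERS-IN in
!
interface Vlan20
 ip access-group GUESTS-IN in
!
! These ACLs are stateless. Replies from the servers still reach the
! clients because they enter through Vlan100, which has no ACL here.
! Connections that a server opens toward VLAN 10 or 20 will have their
! return packets dropped by the deny lines above.
!
! Routed ACLs only see traffic that crosses the SVI; hosts inside the
! same VLAN talk to each other without being filtered by them.
!
! Verify after applying:
!   show ip access-lists USERS-IN      (per-entry match counters)
!   show ip interface Vlan10           (confirms the inbound access list)
```

Every unlisted VLAN keeps full access to the servers with this layout, so each restricted VLAN needs its own inbound ACL or the filtering has to move to the server SVI or the firewall.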
