Cisco Support Community
New Member

Restrict access to sensitive VLANs

Hi All,

We have a network of 30 VLANs and currently all the VLANs have access to everything. We are using a Cisco 6509 switch for Layer 3 routing.

I would like to prevent some VLANs from accessing the server VLANs. Can anyone advise how I can restrict access to the server VLANs?

Do I need to implement access-lists on the 6500 switch? Or do I need to create VLANs on the firewall so that all traffic is filtered?

Thanks

Jay

3 REPLIES
VIP Purple

Restrict access to sensitive VLANs

Use an ACL on this Layer 3 switch to block some VLANs from accessing the server VLAN.

Regards
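
As an added illustration of the ACL approach suggested in the reply above (not part of the original thread): an extended ACL applied inbound on the SVI of a user VLAN on the Layer 3 switch. The VLAN numbers, subnets, server address and ACL name are constructed assumptions.

```cisco
! Constructed example values (assumptions, not from the thread):
!   VLAN 20  = user VLAN,   10.10.20.0/24
!   VLAN 100 = server VLAN, 10.10.100.0/24
!   10.10.100.10 = a web server the users are still allowed to reach
!
ip access-list extended USERS20-TO-SERVERS
 remark allow HTTPS to the one permitted server
 permit tcp 10.10.20.0 0.0.0.255 host 10.10.100.10 eq 443
 remark block everything else from VLAN 20 to the server VLAN
 deny   ip 10.10.20.0 0.0.0.255 10.10.100.0 0.0.0.255
 remark leave traffic to all other destinations untouched
 permit ip any any
!
! Apply inbound on the user VLAN's SVI, so packets are filtered as
! they enter the switch from VLAN 20, before they are routed.
interface Vlan20
 ip access-group USERS20-TO-SERVERS in
!
! Verify the binding and watch the per-entry match counters:
!   show ip interface Vlan20
!   show ip access-lists USERS20-TO-SERVERS
```

Without the final `permit ip any any`, the implicit deny at the end of the ACL would drop all other traffic from VLAN 20 as well.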

Restrict access to sensitive VLANs

You can use both solutions, but with everything in one routing domain it will be somewhat cumbersome to allow exactly the traffic that you want. There is a third option, namely to place the VLANs which need to be filtered in a different context using VRF-Lite.

You may then use the firewall to route and filter traffic. Please check this example:

http://www.cisco.com/en/US/products/hw/modules/ps2797/products_tech_note09186a0080b6216e.shtml

regards,

Leo

New Member

Restrict access to sensitive VLANs

Thank you for the reply, guys.

Can you confirm if the access-lists will go under the VLAN interfaces on the 6500 switch?

Thanks

Jay
