I am trying to allow hosts on a single switch to communicate with an iSCSI SAN, but block the hosts from communicating with each other. Can you tell me if the below configuration will work? All hosts and SAN NIC are in the same VLAN and host MACs are the SAN. Thanks in advance!
You don't really need the permit 20 line because VACLs deny by default if it doesn't match any of the permits. So the rest of the traffic that doesn't match your sequence 10 will be dropped. You'll need to change the 'macc' line to 'match mac address SAN'. Other than that I don't see any issues...
You have to be pretty careful using VACLs, as there are many things such as STP, ARP, HSRP, and other L2-based protocols that will also get blocked with your ACL. Also, you need to remember that a VACL is not stateful; you would need to allow rules for bidirectional forwarding between the SAN and hosts.
To implement your solution it may be easier/more scalable to use PVLANs.