New Member

vlan security

I have a requirement to do security on a specific VLAN. Only this segment needs to go out to access some applications.

Can I do it by creating a layer 2 VLAN which would not allow it to mingle with other segments within?

Please advise if this is fine or if there is any other way to do this.

Thanks!

New Member

Re: vlan security

Hi,

Use an access list matching your internal host IPs and hosts on the other subnet. You can just allow port-specific access with an extended list.

You need to apply the access list on the L3 interface for that VLAN.

Hemant

New Member

Re: vlan security

Apparently, we're trying to do away with L3 here and just have an L2 VLAN which would restrict the movement with that VLAN itself. But further to restrict within that VLAN, do we have an option?

Thanks!

Hall of Fame Super Blue

Re: vlan security

"But further to restrict within that vlan , do we have an option."

Yes, you can use VLAN access lists (VACLs), which allow you to control traffic between hosts within the same VLAN. Which switch are you using? If you look at the configuration guide for your switch there will be examples of using VACLs.

Jon
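
A minimal VACL of the kind described in the reply above, as an added example that is not part of the original post or taken from Cisco's configuration guide. It assumes a Catalyst switch running Cisco IOS (not CatOS); VLAN 50, the 192.0.2.0/24 subnet, the gateway 192.0.2.1 and all ACL and map names are constructed for illustration.

```ios
! Constructed values: VLAN 50, subnet 192.0.2.0/24, gateway 192.0.2.1.
! Goal: hosts in VLAN 50 can reach the gateway (and anything behind it)
! but cannot talk to each other inside the VLAN.

! Traffic between VLAN 50 hosts and the gateway, both directions.
! VACLs are stateless, so the return direction is listed explicitly.
ip access-list extended V50-TO-GATEWAY
 permit ip 192.0.2.0 0.0.0.255 host 192.0.2.1
 permit ip host 192.0.2.1 192.0.2.0 0.0.0.255
!
! Any other traffic where both endpoints sit inside VLAN 50.
ip access-list extended V50-HOST-TO-HOST
 permit ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255
!
! Everything else (routed traffic entering or leaving the VLAN).
ip access-list extended V50-ANY
 permit ip any any
!
! In a VACL, "permit" in the ACL means "this entry matches";
! the forward/drop decision is made by the access-map action.
vlan access-map V50-ISOLATE 10
 match ip address V50-TO-GATEWAY
 action forward
vlan access-map V50-ISOLATE 20
 match ip address V50-HOST-TO-HOST
 action drop
vlan access-map V50-ISOLATE 30
 match ip address V50-ANY
 action forward
!
! Apply the map to the VLAN; it filters bridged and routed packets alike.
vlan filter V50-ISOLATE vlan-list 50
```

Sequence order matters: the gateway exception must be evaluated before the host-to-host drop. `show vlan access-map` and `show vlan filter` confirm what is applied.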

New Member

Re: vlan security

It's a 6506 switch.

Hall of Fame Super Blue

Re: vlan security

New Member

Re: vlan security

Thanks for your info.

We already opened the TAC case and they asked to use ACL to allow only this LMS to poll the device. It is coming from only one device not from all.

Should I remove all the snmp config from the switch and re-apply it?

Shall I copy the same config from the working core 01 and apply to the second core 02?

Could you provide the patch URL page?

swami
