Block particular traffic between two ports in a switch

Two access devices of the same type are connected to two ports of a switch. The uplink of the switch goes to an MPLS edge router. The access devices are sharing some common VLANs of the edge router. When the devices communicate with each other via the common VLANs, they normally communicate via the switch, and the traffic does not go to the router. My requirement is to block communication on a particular VLAN between the access ports.


Re: Block particular traffic between two ports in a switch

Hello Senthilkumar,

Private VLANs could help:

Additional secondary VLANs of type isolated or community can be used to allow device-to-gateway communication only.

See

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/pvlans.html

However, if the edge device is performing VRF-lite (multi-VRF CE), you can add new VLANs and new SVIs or subinterfaces on the edge device that allow IP address overlapping in different, non-communicating VRFs.

Hope to help

Giuseppe
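As an added example (not from the thread or the linked Cisco guide), the isolated private VLAN configuration Giuseppe describes on a Catalyst IOS switch. Assumed names: VLAN 100 is the shared VLAN to isolate and becomes the primary VLAN, VLAN 101 is a new isolated secondary VLAN, Gi1/0/1 and Gi1/0/2 face the two access devices, and Gi1/0/24 is the uplink toward the MPLS edge router. All interface names and VLAN numbers are placeholders.

```cisco
! Added example, not from the original thread or the linked Cisco guide.
! Assumed: VLAN 100 = shared VLAN (primary), VLAN 101 = isolated secondary,
! Gi1/0/1-2 = access devices, Gi1/0/24 = uplink to the edge router.
! Private VLANs require VTP transparent mode (or VTP version 3).
vtp mode transparent
!
! Isolated secondary VLAN: hosts in it can reach only promiscuous ports.
vlan 101
 private-vlan isolated
!
! Primary VLAN seen by the router; bind the secondary VLAN to it.
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Host ports: each access device lands in primary 100 / secondary 101,
! so the two devices cannot exchange frames through the switch.
interface GigabitEthernet1/0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface GigabitEthernet1/0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Promiscuous port toward the gateway: maps primary 100 to secondary 101.
! Traffic leaves this port tagged only with the primary VLAN (100), so the
! router needs no knowledge of VLAN 101.
interface GigabitEthernet1/0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
end
!
! Verification from privileged EXEC:
show vlan private-vlan
show interfaces GigabitEthernet1/0/1 switchport
```

In the `show vlan private-vlan` output the primary/secondary pair should be listed as type `isolated` with both host ports and the promiscuous port attached. The example assumes the uplink is dedicated to VLAN 100; where the uplink and access ports are trunks carrying several VLANs, the private-VLAN trunk modes are platform dependent and the linked guide is the reference to check before applying this.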

Re: Block particular traffic between two ports in a switch

Use the switchport protected command on the switch for each port; a protected port will not forward traffic to another protected port. You can also do a switchport block multicast or switchport block unicast to block unknown multicast or unicast traffic to those ports.
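As an added example (not from the thread), the protected-port configuration described in this reply, applied to both access-device ports on a Catalyst IOS switch. Assumed names: Gi1/0/1 and Gi1/0/2 face the two access devices and VLAN 10 is the shared VLAN; both are placeholders.

```cisco
! Added example, not from the original thread.
! Assumed: Gi1/0/1-2 face the two access devices; VLAN 10 is a placeholder.
interface range GigabitEthernet1/0/1 - 2
 switchport mode access
 switchport access vlan 10
 ! Protected ports never forward unicast, multicast or broadcast frames
 ! to another protected port on the same switch; the uplink is unprotected,
 ! so traffic to the gateway is unaffected.
 switchport protected
 ! Optional: stop unknown-unicast and unknown-multicast flooding from
 ! reaching these ports (known-destination traffic is still delivered).
 switchport block unicast
 switchport block multicast
end
!
! Verification from privileged EXEC; expect "Protected: true" and the
! "Unknown unicast blocked" / "Unknown multicast blocked" lines set to enabled.
show interfaces GigabitEthernet1/0/1 switchport
```

Two caveats a practitioner would check: `switchport protected` isolates the whole port, not a single VLAN, so if the two ports are trunks sharing several VLANs it blocks port-to-port traffic on all of them, which is broader than the per-VLAN block asked for in the question (the private VLAN approach in the other reply is the per-VLAN tool). And protection is local to one switch; two protected ports on different switches can still reach each other through the trunk between them.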
