Cisco Support Community
Community Member

Block host to host traffic

I need to block all host-to-host traffic between hosts that are on the same VLAN, but still allow them to reach the outside world. I am using a 2921 router. What do I need to do to achieve this?

Community Member

Your description is not complete; there is not enough information about the topology. It may be helpful if you tell us what device is connecting the hosts to your router.

If you are using a switch, you can use a VLAN ACL to block host-to-host traffic on the same VLAN.
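As an added example (not from any poster in this thread), here is what a VLAN ACL of the kind mentioned above looks like on a Catalyst switch that supports VACLs. It assumes VLAN 10, the subnet 10.10.10.0/24 and a gateway address of 10.10.10.1 on the router; all three values are assumptions for illustration. Traffic to and from the gateway is forwarded, traffic between two hosts inside the subnet is dropped, and everything else (traffic leaving the subnet) is forwarded.

```cisco
! Assumed values: VLAN 10, subnet 10.10.10.0/24, gateway 10.10.10.1
! Match traffic between any host in the VLAN and the gateway
ip access-list extended VLAN10-TO-GATEWAY
 permit ip 10.10.10.0 0.0.0.255 host 10.10.10.1
 permit ip host 10.10.10.1 10.10.10.0 0.0.0.255
!
! Match traffic between two hosts inside the same subnet
ip access-list extended VLAN10-INTRA-SUBNET
 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255
!
! VACL: gateway traffic first, then drop host-to-host, then forward the rest
vlan access-map ISOLATE-VLAN10 10
 match ip address VLAN10-TO-GATEWAY
 action forward
vlan access-map ISOLATE-VLAN10 20
 match ip address VLAN10-INTRA-SUBNET
 action drop
! A sequence with no match clause matches all remaining traffic
vlan access-map ISOLATE-VLAN10 30
 action forward
!
! Apply the map to VLAN 10
vlan filter ISOLATE-VLAN10 vlan-list 10
```

Check the result with `show vlan access-map` and `show vlan filter`. Two caveats worth knowing before relying on this: the VACL only filters traffic that is bridged through the switch it is configured on (traffic between two hosts on a different vendor's switch or on an AP never reaches it), and it filters IP only, so non-IP frames such as ARP still pass between hosts unless you add a MAC-based match as well.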



Community Member


I am using a switch and APs from another vendor to connect the hosts. I have thought of using an ACL to stop the traffic. The only problem is I am not up to speed with Cisco ACLs to make them work.


Cisco ACLs won't help in this case. Traffic between hosts on the same VLAN is controlled entirely from the switches and APs. The routers don't ever see that, so they can't control it.

The APs from just about any vendor will be able to do client isolation, so keeping the wireless clients from talking to each other shouldn't be difficult. Wired clients are another story and will depend on the capabilities provided by the switches. If they have an equivalent to Cisco's "switchport protected" functionality, you should be able to use that.


Same-VLAN traffic doesn't flow to the router, so there's nothing that can be done on the 2921. It all comes down to the switches. What models of switches are you using to serve this VLAN?

If you're using Cisco Catalysts, the easiest option would be to set the ports on these hosts to "switchport protected" in order to isolate them. They'll be able to talk to the switch's SVI (VLAN) L3 interface but not to each other. For more granular control, you can look at private VLANs, but they may be a bit overkill for what you're looking for.
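Added example, not from any poster in this thread: the `switchport protected` configuration described above on a Catalyst switch. The interface names, VLAN number and the choice of which port is the uplink to the 2921 are assumptions for illustration. Host ports are marked protected; the uplink port is left unprotected so every host can still reach the router.

```cisco
! Assumed: VLAN 10, hosts on Gi1/0/2-24, router uplink on Gi1/0/1
! Host-facing ports: protected ports do not forward to each other
interface range GigabitEthernet1/0/2 - 24
 description host ports (isolated from each other)
 switchport mode access
 switchport access vlan 10
 switchport protected
!
! Uplink to the 2921: NOT protected, so protected ports can still reach it
interface GigabitEthernet1/0/1
 description uplink to 2921 router
 switchport mode access
 switchport access vlan 10
 no switchport protected
```

Verify a host port with `show interfaces GigabitEthernet1/0/2 switchport`, which should report `Protected: true`. The caveat that matters here: protected-port isolation is local to one switch. Two protected ports on different switches, or a protected port and a client on another vendor's AP, can still talk to each other through the trunk, which is the case where private VLANs (or the AP's own client isolation) become necessary.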
