
VLAN Security

Hi,

We have a switch of which ports 13 to 24 are used by an external company. That external company only needs to use the IP phones that are connected to those ports.

I would like to disable the usage for any other device than the IP phones through that switch.

The IT manager doesn't want me to use port security so I'm trying to restrict access on those ports only to the VOICE vlan. Can I just remove the native vlan (and all other) from that port?

Any other approaches?

Greetings,

Stefan

1 REPLY

Re: VLAN Security

If the port is configured for trunking you can clear all the vlans except for the voice vlan. However, if it's configured with voice vlan then there is no way to clear the access vlan; it will just default to vlan 1. If the data vlan for those ports is not used anywhere else, you can do vlan maps:

Configuring VLAN Maps

This section describes how to configure VLAN maps, which is the only way to control filtering within a VLAN. VLAN maps have no direction. To filter traffic in a specific direction by using a VLAN map, you need to include an ACL with specific source or destination addresses. If there is a match clause for that type of packet (IP or MAC) in the VLAN map, the default action is to drop the packet if the packet does not match any of the entries within the map. If there is no match clause for that type of packet, the default is to forward the packet.

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swacl.htm#wp1176911
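
Added example, not part of the original reply and not taken from the Cisco documentation: one way to apply the VLAN map approach described above, so that the access (data) VLAN on ports 13 to 24 carries no traffic while the voice VLAN is left alone. The VLAN IDs (999 for a dedicated, otherwise unused data VLAN; 20 for an existing voice VLAN), the ACL and map names, and the FastEthernet interface numbering are all assumptions.

```cisco
! Constructed example. VLAN IDs, names and interface numbering are assumptions.
! VLAN 999 must not be used anywhere else, because the filter below drops
! every frame bridged in it. Voice VLAN 20 is assumed to exist already.
vlan 999
 name PHONE-PORTS-DATA-UNUSED
!
! Inside a VLAN map, an ACL "permit" only means "this packet matches the
! entry"; the map's action then decides whether it is forwarded or dropped.
ip access-list extended ALL-IP
 permit ip any any
!
! MAC ACLs in a VLAN map apply to non-IP traffic only, so a second entry
! is needed to cover it.
mac access-list extended ALL-NON-IP
 permit any any
!
vlan access-map LOCK-DATA-VLAN 10
 match ip address ALL-IP
 action drop
vlan access-map LOCK-DATA-VLAN 20
 match mac address ALL-NON-IP
 action drop
!
! Apply the map to the data VLAN only; the voice VLAN is not filtered.
vlan filter LOCK-DATA-VLAN vlan-list 999
!
! Move the access VLAN of the phone ports off the default VLAN 1.
interface range FastEthernet0/13 - 24
 switchport mode access
 switchport access vlan 999
 switchport voice vlan 20
!
! Verification (exec mode):
!   show vlan access-map LOCK-DATA-VLAN
!   show vlan filter
```

Both map entries are needed because of the default behaviour quoted above: a packet type with no match clause in the map is forwarded, so an IP-only map would still pass non-IP frames in VLAN 999.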
