Cisco Support Community

NBAR or IDSM-2 to stop blaster between vlans?


We have 13 floors in our building. All the floors come down into the same switch via gig links. Each floor is an individual subnet VLAN. That switch then communicates to other server farm switches via a gig uplink. The problem we want to remedy is how to keep workstations that are infected with Blaster or future variants from "blasting" each other from floor to floor. By this I mean, if we have infected machines on the 5th floor then they will bombard clients on the other floors. What is the best way to contain this situation?

Should I use the IDSM-2 to shun these attacks via dynamic VACLs, or should I use NBAR for this situation, or even just private VLANs? Of course private VLANs will only help on each respective VLAN subnet. Also, if I use NBAR (IDSM-2 too?) will it block all good traffic as well? I know with NBAR I can have it drop traffic altogether, which is the ultimate goal. I have read the following SAFE document and it is very good, but it still leaves many questions unanswered. There is an NBAR sample config there as well.


Re: NBAR or IDSM-2 to stop blaster between vlans?

Since you are using switches, VACLs seem to be a better option. The use of IOS ACLs on the Cisco Catalyst 4000 with a Sup3 and Hybrid and Native configurations of the Cisco Catalyst 6500 is recommended. Take a look at this document for configuration details.
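A worked example of the VACL approach the reply recommends, added here as an illustration; it is not taken from the thread or from the Cisco document the reply refers to. It assumes a Catalyst 6500 running Native IOS, floor VLANs 10 through 22, workstation subnets inside 10.0.0.0/16, and the three ports Blaster is known to use (TCP 135 for the RPC DCOM exploit, TCP 4444 for the shell it opens, UDP 69 for the TFTP download of the worm body). The VLAN numbers and addresses are assumptions, not values from the original post.

```cisco
! Added example, not from the original thread. Assumed: Catalyst 6500 Native IOS,
! floor VLANs 10-22, workstation space 10.0.0.0/16, server farm outside that range.
!
! In a VACL the referenced ACL only classifies traffic: "permit" means "match".
! Only traffic destined to the workstation range is matched, so legitimate
! TCP 135 (Windows RPC) from workstations to domain controllers in the server
! farm keeps flowing while floor-to-floor worm traffic is dropped.
ip access-list extended BLASTER-PORTS
 permit tcp any 10.0.0.0 0.0.255.255 eq 135
 permit tcp any 10.0.0.0 0.0.255.255 eq 4444
 permit udp any 10.0.0.0 0.0.255.255 eq 69
!
! Everything else: a VACL has an implicit drop at the end, so an explicit
! forward entry is required or all other traffic on the VLAN stops.
ip access-list extended ALL-OTHER
 permit ip any any
!
vlan access-map BLOCK-BLASTER 10
 match ip address BLASTER-PORTS
 action drop
vlan access-map BLOCK-BLASTER 20
 match ip address ALL-OTHER
 action forward
!
! Apply to every floor VLAN. The map is evaluated for traffic bridged within
! the VLAN and for traffic routed into or out of it.
vlan filter BLOCK-BLASTER vlan-list 10-22
```

After applying it, `show vlan access-map` and `show vlan filter` confirm the map contents and which VLANs it is attached to. The VACL contains the spread between floors; it does not clean the infected hosts, so pairing it with patching and with the IDSM-2 or switch logs to find the machines generating the blocked traffic is still needed.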