Cisco Support Community
New Member

PIX and DMZ devices

I don't know if this can be done or not. But is there a way, or an ACL statement that will prevent hosts on the dmz from talking to other hosts on the same dmz? For example if my dmz is 555.555.0.0, I don't want it to talk to another 555.555.0.0 device.

Is that possible?

2 REPLIES
New Member

Re: PIX and DMZ devices

The PIX doesn't route or filter traffic within the same subnet, so you can't count on the PIX to do that.

Silver

Re: PIX and DMZ devices

Hi,

If two devices on the same segment and within the same IP subnet are "talking" to each other, this is done on layer two (MAC layer). There's nothing the PIX can do about it. Ethernet still is a broadcast medium.

But if there is a switch on this segment you can see if this switch supports MAC filtering.

Kind Regards,

Leo
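
Why an ACL on the PIX cannot help here, as an added example that is not part of the original thread: a sketch of the forwarding decision each DMZ host makes for a packet. The subnet (192.0.2.0/24, a documentation range), the gateway address for the PIX's DMZ interface, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values (not from the thread): a DMZ on a documentation
# range, with the PIX DMZ interface acting as the hosts' default gateway.
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
PIX_DMZ_IF = ipaddress.ip_address("192.0.2.1")


def next_hop(src, dst, net=DMZ_NET, gateway=PIX_DMZ_IF):
    """Return the IP whose MAC address the host at `src` frames the packet to.

    A host compares dst with its own subnet: on-link destinations are resolved
    with ARP and framed directly to the peer; everything else is framed to the
    default gateway.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in net:
        raise ValueError(f"{src} is not a host on {net}")
    if dst in net:
        return dst       # delivered at layer 2, host to host
    return gateway       # handed to the firewall for routing


def firewall_sees(src, dst):
    """True if the packet is addressed to or forwarded by the PIX,
    which is the only case where an interface ACL can act on it."""
    return next_hop(src, dst) == PIX_DMZ_IF


def classify(flows):
    """Split (src, dst) flows into ACL-filterable and firewall-invisible."""
    filterable, invisible = [], []
    for src, dst in flows:
        (filterable if firewall_sees(src, dst) else invisible).append((src, dst))
    return filterable, invisible


if __name__ == "__main__":
    sample = [("192.0.2.10", "192.0.2.20"),     # DMZ host to DMZ host
              ("192.0.2.10", "198.51.100.5")]   # DMZ host to another network
    filterable, invisible = classify(sample)
    print("ACL can filter:", filterable)
    print("Never reaches the PIX:", invisible)
```

Flows in the second list are switched between the two hosts directly, so any control over them has to live on the switch, as the reply above suggests.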
