Cisco Support Community
New Member

block ping in the same network via router

Hey Guys,

I would like to block ping in the same network. We have a Guest Network 10.x.x.x/24 and we don't want them to contact each other's computers. We don't have a FW and can only use routers. Could someone tell me how to do that? Should I use an ACL, and how? Or do we need a route map, and how?

Any help will be appreciated.

Thanks

  • WAN Routing and Switching
12 REPLIES
New Member

Hi,

You can try with a MAC access list. Find the format below.

Extended MAC access list test
    deny   any any vines-echo

New Member

This will block on ARP. I want to block full connectivity between the users in the same network.

If your switch supports it I'd use PVLANs.

That is the best solution...

New Member

My switch doesn't support PVLAN.

The problem is none of the traffic between devices on the same VLAN will traverse the router. Since they are on the same VLAN / IP Subnet all traffic will stay on the switch.

The only thing I can think of now is to configure router on a stick with multiple /30 subinterfaces on the router interface connecting to the switch. With a /30 you can have 2 hosts per network, one for the guest device and one for its default gateway, aka the router subinterface. You'd then use an ACL to prevent the /30s from talking to each other.
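
The /30-per-guest design described in the reply above, as an added example that is not part of the original thread: a Python sketch that generates the repetitive router configuration with one shared ACL. The guest block 192.0.2.0/24 (constructed sample), the parent interface name, the starting VLAN ID and the ACL name are all assumptions.

```python
import ipaddress


def guest_isolation_config(guest_net, parent_if, first_vlan, acl="GUEST-ISOLATE"):
    """Return IOS-style config lines: one /30 subinterface per guest, one shared ACL.

    All names (parent_if, first_vlan, acl) are hypothetical inputs, not values
    from the thread.
    """
    net = ipaddress.ip_network(guest_net)
    lines = [
        f"ip access-list extended {acl}",
        # Inbound on every guest subinterface: drop anything addressed to the
        # guest block, so no /30 can reach another /30. This also drops packets
        # addressed to the router's own gateway IPs; routed traffic to other
        # destinations is not affected.
        f" deny ip any {net.network_address} {net.hostmask}",
        " permit ip any any",
    ]
    for offset, sub in enumerate(net.subnets(new_prefix=30)):
        gateway, guest = sub.hosts()  # a /30 has exactly two usable addresses
        vlan = first_vlan + offset
        lines += [
            f"interface {parent_if}.{vlan}",
            f" description guest host {guest}",
            f" encapsulation dot1Q {vlan}",
            f" ip address {gateway} {sub.netmask}",
            f" ip access-group {acl} in",
        ]
    return lines


if __name__ == "__main__":
    # Constructed sample input: a documentation-range /24 split into 64 /30s.
    print("\n".join(guest_isolation_config("192.0.2.0/24", "GigabitEthernet0/0", 101)))
```

Each guest-facing switch port has to be an access port in the VLAN that matches its subinterface, and a /24 carved this way yields 64 guest slots.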

New Member

The /30 subnet solution means TONS of lines in the router. Can I do it via route-map or route-policy?

Are you asking if you can use policy routing instead of /30s? If so, the answer is no. Per my previous comment, the traffic isn't even going to hit the router if all devices use a /24.

PVLAN is the right solution. Unfortunately you can't do this. Whatever solution you come up with won't be pretty/optimal.

New Member

I found a switch that has a private VLAN option. Now here is the design:

Router --- connect to Switch1 --connect to Switch2 --connect to AP

I am going to configure the switch 2 port that is connected to the AP as isolated, so it should work, I believe.
