Below are some thoughts on both topics; you can choose which one would be easy for you:
A) PVLANs provide layer 2 isolation between ports within the same broadcast domain. There are three types of PVLAN ports:
Promiscuous— A promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.
Isolated— An isolated port has complete Layer 2 separation from the other ports within the same PVLAN, but not from the promiscuous ports. PVLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic from an isolated port is forwarded only to promiscuous ports.
Community— Community ports communicate among themselves and with their promiscuous ports. These interfaces are separated at Layer 2 from all other interfaces in other communities or isolated ports within their PVLAN.
B) VACLs provide access control for all packets that are bridged within a VLAN or that are routed into or out of a VLAN. Unlike regular Cisco IOS ACLs that are configured on router interfaces and applied on routed packets only, VACLs apply to all packets.
Difference between them:
=================
PVLANs are best for when you want to segment within the same switch, whereas VACLs will apply to an entire VLAN as a whole.
Also, if you deployed VACLs across an entire VLAN to perform the function of PVLANs, the scalability and management would be a nightmare.
Blocking by MAC address would require you to know the MAC addresses of all the devices that would connect to your switches.
Blocking by IP address would require static assignment of all IP addresses on the network, because if they were to change then that host likely wouldn't be able to access the resources it needed anymore. You can't block by subnet because everything in that VLAN (if you are using best practice) would be on the same subnet. So you would have to block by individual host addresses.
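
The scaling point in the answer above, as an added example that is not part of the original post: a small Python model of the PVLAN forwarding rules that also counts the per-host deny entries a VACL would need to reproduce the same isolation. Port names, community labels and function names are hypothetical, and the sample port table is constructed.

```python
from itertools import permutations

# Constructed sample: port name -> (PVLAN role, community label or None)
PORTS = {
    "gw":   ("promiscuous", None),
    "web1": ("isolated", None),
    "web2": ("isolated", None),
    "db1":  ("community", "db"),
    "db2":  ("community", "db"),
    "app1": ("community", "app"),
}

def pvlan_allows(src, dst, ports=PORTS):
    """Layer 2 forwarding decision between two ports of one PVLAN."""
    (s_role, s_comm), (d_role, d_comm) = ports[src], ports[dst]
    # Promiscuous ports talk to every port, and every port talks to them.
    if "promiscuous" in (s_role, d_role):
        return True
    # Community ports talk only to members of their own community.
    if s_role == d_role == "community":
        return s_comm == d_comm
    # Isolated to isolated, isolated to community, or different communities.
    return False

def vacl_deny_pairs(ports=PORTS):
    """Directed host pairs a per-host VACL would have to deny to match the PVLAN."""
    return [(s, d) for s, d in permutations(ports, 2)
            if not pvlan_allows(s, d, ports)]

def deny_count_all_isolated(n_hosts):
    """Deny entries needed when n_hosts isolated hosts share one VLAN and gateway."""
    ports = {f"h{i}": ("isolated", None) for i in range(n_hosts)}
    ports["gw"] = ("promiscuous", None)
    return len(vacl_deny_pairs(ports))

if __name__ == "__main__":
    print("deny entries for the sample VLAN:", len(vacl_deny_pairs()))
    for n in (10, 50, 200):
        print(n, "isolated hosts ->", deny_count_all_isolated(n), "deny entries")
```

Each deny pair stands for one host-specific match (by MAC or by statically assigned IP), so the list has to be regenerated whenever a host is added or readdressed, whereas the PVLAN role is set once per port.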