topic Restrict inter-vlan traffic in Network Security

Restrict inter-vlan traffic

Nick wfd — Tue, 12 Mar 2019 00:46:13 GMT

Hi,

I have a customer, who has the SVI's configured on the Core (4500x) and this is connected to a ASA 5525x, there is a requirement of restricting traffic between different vlans. Please suggest on how can i use the ASA to accomplish this task.

ACLs on the Switch are not stateful and hence not considering this option, Also we are not planning to configure the GW's on the ASA since there is lot of traffic between the vlan's and this will become a bottleneck

Restrict inter-vlan traffic

Kureli Sankar — Sat, 12 Jan 2013 22:42:10 GMT

I will be discussing this issue as well in my upcoming webcast, next Tue Jan 15th. You can configure a port on the ASA as a trunk port and configure sub-interface for each of the VLANS and firewall the traffic between them.

https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts

Upcoming Live Webcast in English: January 15, 2013
Troubleshooting ASA and Firewall Service Modules

-Kureli

Restrict inter-vlan traffic

Nick wfd — Sat, 12 Jan 2013 22:54:16 GMT

Thanks Kureli,

I will attend the webcast, but from my understanding for the above solution the default gateway for all the vlans has to be moved from the core switches to the ASA ?

Restrict inter-vlan traffic

jpeterson6 — Sat, 12 Jan 2013 23:03:10 GMT

Unfortunately, if you want the ASA to do all the filtering, you will need to move your VLAN Gateways to the ASA.

Restrict inter-vlan traffic

Kureli Sankar — Sun, 13 Jan 2013 03:43:17 GMT

If the SVIs stayed on the switch then the traffic will never be sent to the ASA .

-Kureli