Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
782
Views
0
Helpful
1
Replies

Creating "guest"internet vlan where devices cannot see each other.

peele87
Level 1
Level 1

‎02-25-2023 03:29 AM

Hi, I am trying to set up a vlan for "internet only" devices that I do not wish to be seen by other devices on the same vlan. I created the vlan and set up ACL rules to keep traffic separated from other vlans, but I cannot figure out how I would keep the devices from seeing others on the same network.

Can anyone explain how to do this without DNA on a catalyst 9300 switch...or any modern Cisco switch for that matter.

Appvalley https://vlc.onl/
Labels:
0 Helpful
1 Reply 1

MHM Cisco World
VIP
VIP

‎02-25-2023 05:38 AM - edited ‎02-25-2023 05:40 AM

My idea is run VALN access map with MAC acl 
MAC acl  allow ARP action forward 
MACL acl allow GW MAC action forward 
MAC acl allow other mac action deny 

Block ARP Packets with Use of MAC Access Lists and VLAN Access Maps on Catalyst 2970, 3550, 3560, and 3750 Series Switches - Cisco

0 Helpful
Customers Also Viewed These Support Documents