Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
890
Views
5
Helpful
3
Replies

Block Host to Host Communications on a sub-interface

Go to solution
shax77
Level 1
Level 1

‎11-08-2017 08:16 AM - edited ‎02-21-2020 06:40 AM

We have our guest network on a sub-interface and are discussing a method of preventing communications between hosts on the guest network.  Is it possible to create an access rule in that sub-interface to accomplish this?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎11-08-2017 08:34 AM

Hi there,

Communication between hosts connected to the same sub-interface will be done at Layer2, no traffic will hit the firewall and therefore it cannot be blocked.

To prevent this communication you should configure protected ports on the access layer where this VLAN is used.

 

cheers,

Seb

View solution in original post

3 Replies 3

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎11-08-2017 08:34 AM

Hi there,

Communication between hosts connected to the same sub-interface will be done at Layer2, no traffic will hit the firewall and therefore it cannot be blocked.

To prevent this communication you should configure protected ports on the access layer where this VLAN is used.

 

cheers,

Seb

Go to solution
shax77
Level 1
Level 1
In response to Seb Rupik

‎11-09-2017 06:29 AM

Thanks for clarifying my thinking. I will pursue the options suggested here!
0 Helpful

Go to solution
Hamdi Kadri
Level 1
Level 1

‎11-09-2017 03:29 AM

You can't configure this on you Firewall, instead you may think of PVLANs as a better solution on your access Switch.
Check this: https://learningnetwork.cisco.com/docs/DOC-16110
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card