Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
544
Views
0
Helpful
1
Replies

InterVLAN Firewall Options

Jason Fraioli
Level 3
Level 3

‎09-26-2013 08:01 AM - edited ‎03-11-2019 07:44 PM

Good morning,

I am seeking advice regarding firewall capabilities between internal VLANs.  I currently have a collapsed core architecture with a single core switch (4500 series).  All internal VLAN SVIs reside on the core switch.  I'm using access lists to restrict interVLAN communications, but I am wondering what other options I have.  The only thing I can think of is to move the VLAN SVIs to an ASA.  Is that a recommended approach?  Any other suggestions would be greatly appreciated.

Thanks.

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-26-2013 05:06 PM

What security policy are you tring to implement?

I ask becasue we seldom see small-medium networks restricting inter-VLAN traffic. We see it sometimes on larger enterprises (with dedicated firewalls for that purpose) and increasingly in data centers separating VMs or subnets ("east-west" firewalling).

An alternative approach is separate VRF instances if the subnets never talk to one another yet share a single core.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card