Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
618
Views
0
Helpful
4
Replies

Restrict inter-vlan traffic

Go to solution
Nick wfd
Level 1
Level 1

‎01-12-2013 02:39 PM - edited ‎03-11-2019 05:46 PM

                   Hi,

I have a customer, who has the SVI's configured on the Core (4500x) and this is connected to a ASA 5525x,  there is a requirement of restricting traffic between different vlans. Please suggest on how can i use the ASA to accomplish this task.

ACLs on the Switch are not stateful and hence not considering this option, Also we are not planning to configure the GW's on the ASA since there is lot of traffic between the vlan's and this will become a bottleneck

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to jpeterson6

‎01-12-2013 07:43 PM

If the SVIs stayed on the switch then the traffic will never be sent to the ASA .

-Kureli

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎01-12-2013 02:42 PM

I will be discussing this issue as well in my upcoming webcast, next Tue Jan 15th. You can configure a port on the ASA as a trunk port and configure sub-interface for each of the VLANS and firewall the traffic between them.

https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts

Upcoming Live Webcast in English: January 15, 2013
Troubleshooting ASA and Firewall Service Modules

Register today for this Cisco Support Community live webcast.

-Kureli

0 Helpful

Go to solution
Nick wfd
Level 1
Level 1
In response to Kureli Sankar

‎01-12-2013 02:54 PM

Thanks Kureli,

I will attend the webcast, but from my understanding for the above solution the default gateway for all the vlans has to be moved from the core switches to the ASA ?

0 Helpful

Go to solution
jpeterson6
Level 2
Level 2

‎01-12-2013 03:03 PM

Unfortunately, if you want the ASA to do all the filtering, you will need to move your VLAN Gateways to the ASA.

0 Helpful

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee
In response to jpeterson6

‎01-12-2013 07:43 PM

If the SVIs stayed on the switch then the traffic will never be sent to the ASA .

-Kureli

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card