blocking traffic between vlans

erodrig · ‎04-06-2004

Hi, i need to block traffic between vlans in one way, i mean hosts in vlan 12 should reach hosts in vlan 9, but vlan 9 should not reach hosts in vlan 12

what is the best way to do it?

thanks

tbaranski · ‎04-06-2004

You'll need to use ACLs that are capable of keeping state on traffic flows: either reflexive ACLs or CBAC. Not all devices support these types of ACLs,though.

erodrig · ‎04-07-2004

ups, my catalyst 4006 (ios version 12.1(19)EW) don´t support this ACLs any other idea?

regards

milan.kulik · ‎04-06-2004

If you really need to be safe, what about to connect PIX to separate these networks?

It enables connection from "inside" to "outside" by default while blocking any "outside" to "inside" connections.

And you can tune with high granularity which traffic you allow and which not.

Regards,

Milan

erodrig · ‎04-07-2004

Hi

i don´t have a pix, i need to do it with a catalyst 4006 (ios 12.1(19)EW), are the ACLs the only way?

regards

tbaranski · ‎04-07-2004

Some type of filtering, whether via ACLs or a firewall, is the only method I can think of to accomplish what you want to do.