Buy or Renew
Buy or Renew
We are currently experiencing Knowledge Base board outages and are working to resolve. Thank you for your patience.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
449
Views
0
Helpful
3
Replies

Design to isolate a group of users

h.parsons
Level 3
Level 3

‎07-23-2004 07:55 AM - edited ‎03-02-2019 05:16 PM

My network consists of 20 VLANs that contain users I want to isolate from everyone else. They are spread accros all vlans. I want them to talk with each other but no one else. I am using CAT 6500 and CAT 3550's. I have a few ideas but I want to know the best way to do this.

Labels:
0 Helpful
3 Replies 3

pinnacledata
Level 1
Level 1

‎07-23-2004 08:22 AM

You could use a private vlan. You would want to set them up as community (as opposed to isolated) so they can talk to each other but no one else.

0 Helpful

steve.busby
Level 5
Level 5
In response to pinnacledata

‎07-23-2004 11:42 AM

Private vlans coupled with VACLs as outlined here should accomplish what you wish:

http://cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml

0 Helpful

pmajumder
Level 3
Level 3
In response to pinnacledata

‎07-23-2004 11:51 AM

Private VLAN's is a good choice, it's specially useful in a DMZ area as it provides great L2 security. However, the switch(s) must be in transparent mode, and you must also manually remove pvlan port arp entries if the end station changes (MAC address), since the arp does not age out.

You can also consider using VLAN ACL, or a combination of the two - ultimately though it really depends on your security requirements.

0 Helpful
Customers Also Viewed These Support Documents