Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1506
Views
3
Helpful
5
Replies

Anyway to isolate VLAN on Cisco layer-2 switches.

Mahmoud Marie
Level 1
Level 1

‎08-05-2023 02:21 AM

Hello,

Anyway to isolate VLAN on Cisco layer-2 switches. like ARUBA VLAN segmentation feature.

As we need to isolate OT VLAN.

Thanks

Labels:
5 Replies 5

M02@rt37
VIP
VIP

‎08-05-2023 03:16 AM - edited ‎08-05-2023 03:17 AM

Hello @Mahmoud Marie,

Yes, you can isolate VLANs on Cisco layer-2 switches using various methods. One common approach is to use Private VLANs (PVLANs), which provide VLAN segmentation and isolation similar to ARUBA VLAN segmentation feature.

Private VLANs allow you to divide a single VLAN into multiple isolated sub-VLANs, known as secondary VLANs. These secondary VLANs can communicate only with the primary VLAN (also known as the promiscuous VLAN) but are isolated from each other. This provides a secure way to isolate devices within the same VLAN.

Private VLANs are supported on some specific Cisco switch models and might require specific licensing. Be sure to check the documentation for your switch model and software version to ensure compatibility and availability of this feature.

If your specific Cisco switch model does not support Private VLANs, there are other methods for isolating VLANs, such as using ACLs to control inter-VLAN communication, or using VRF instances for L3 segmentation. However, these methods are more suitable for L3 switches or routers.

Pvlan on Cisco Catalyst:

https://www.cisco.com/c/en/us/support/docs/lan-switching/private-vlans-pvlans-promiscuous-isolated-community/40781-194.html

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Kasun Bandara
VIP
VIP

‎08-05-2023 06:41 PM

@Mahmoud Marie hi,yes. you can use cisco Private VLANs.  check below link for guide

https://packetlife.net/blog/2010/aug/30/basic-private-vlan-configuration/

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Mahmoud Marie
Level 1
Level 1

‎08-20-2023 12:49 AM

Hello,

The switches support PVLAN, Just need to know which interface should I create the promiscuous port, here the our network design, just need to isolate OT VLAN.

Thanks

PVLAN.jpg

0 Helpful

paul driver
VIP
VIP

‎08-20-2023 06:29 AM

Hello
Can you elaborate on what you are wanting to accomplish?

If you want to isolate hosts from a single vlan from hosts in other vlans within your network then you could apply a VRF or RACL to the L3 SVI of that particular vlan to negate inter-vlan communication.

If you wish to isolate or control various hosts from communicating with each other at a layer 2 perspective within certain vlan(s) then using PVLANs could accomplish this.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Mahmoud Marie
Level 1
Level 1
In response to paul driver

‎08-22-2023 01:15 AM - edited ‎08-22-2023 01:33 AM

Hello Paul,

Yes I want to isolate OT-VLAN to communicating to any other VLAN, so I will configure PVLAN and need to know which interface should I create the promiscuous port or it not necessary to create promiscuous port as I only need to isolate Layer-2 traffic.

Thanks

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card