Block a Computer using Layer 3 Switch

Shiva_B
Level 1

Hi,

We are planning to block certain devices from communicating with a different network segment or a different LAN, and towards the internet, using an L3 switch / ACL, and I am not good enough with networking concepts to propose one.

I would like to know what all the possibilities are to use this, while the IP address is dynamic.

Is there an option to block using the MAC address?

Is there a way to block a specific protocol, keeping the dynamic IP in mind?

Any other additional info will be highly helpful to block a computer which cannot be traced.

Accepted Solutions

Deepak Kumar
VIP Alumni

Hi,

As you mentioned, there is a DHCP server available and users are getting IP addresses through DHCP only. I think a MAC ACL is a good solution for you.

Please read the article below:

http://cauew.blogspot.ae/2008/08/vacl-vlan-maps-mac-acl.html

Regards,

Deepak Kumar

Seb Rupik
VIP Alumni

Hi there,

If you know what the MAC address is, why not create a DHCP reservation for the device, which in turn would allow you to create Layer3 ACLs?

cheers,

Seb.

Yes. We have that plan in mind. But we want to keep the device available within the LAN.

A Layer3 ACL would only be applied to the interfaces routing the subnet, i.e. the router.

Your original post requested a way to filter traffic between network segments/subnets; this would be achieved with a Layer3 ACL.

It would not interfere with intra-VLAN traffic as it is only enforced at the subnet gateways.

cheers,

Seb.

Hi,

@Seb Rupik thanks for the reply, and I agree with you. I mentioned that he can apply a MAC ACL in the VLAN itself (VACL), and the example also shows the same.

Regards,

Deepak Kumar
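
The two approaches discussed in this thread, side by side, as an added Cisco IOS configuration example that is not from any poster: a Layer 3 ACL on the VLAN's gateway interface for a host with a DHCP reservation, and a MAC-based VLAN map (VACL). The VLAN number, the ACL and map names, and the documentation-range IP and MAC addresses are assumptions; exact syntax and MAC ACL behaviour vary by Catalyst platform and software release.

```cisco
! Constructed values: VLAN 10, host reserved at 192.0.2.50,
! host MAC 0000.5e00.5301 (documentation ranges).
!
! Approach 1: Layer 3 ACL on the gateway SVI (needs a DHCP reservation
! so the host's IP is stable). Enforced only on routed traffic, so the
! host stays reachable inside VLAN 10.
ip access-list extended BLOCK-HOST-ROUTED
 remark keep DHCP renew/rebind working when the server is behind this SVI
 permit udp host 192.0.2.50 eq bootpc any eq bootps
 remark host may not reach other subnets or the internet
 deny   ip host 192.0.2.50 any
 permit ip any any
!
interface Vlan10
 ip access-group BLOCK-HOST-ROUTED in
!
! Approach 2: MAC ACL in a VLAN map (VACL). Works without knowing the IP,
! but is enforced on every frame in the VLAN, including intra-VLAN traffic.
! In a VLAN map the ACL "permit" only selects frames; the map action decides.
! On several Catalyst platforms MAC ACLs match non-IP frames only, so
! confirm in the platform's configuration guide that IP traffic is covered.
mac access-list extended BLOCKED-MAC
 permit host 0000.5e00.5301 any
!
vlan access-map FILTER-VLAN10 10
 match mac address BLOCKED-MAC
 action drop
vlan access-map FILTER-VLAN10 20
 action forward
!
vlan filter FILTER-VLAN10 vlan-list 10
```

`show ip access-lists BLOCK-HOST-ROUTED` displays per-entry match counters for the first approach, and `show vlan access-map` with `show vlan filter` confirm the map contents and the VLANs it is applied to.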

