09-10-2008 06:30 AM - edited 03-06-2019 01:17 AM
I have 2 switches, connected via an access port (not a trunk). I need to block ANY type of traffic between these 2 switches except for a couple of hosts that I could define in an ACL.
Say, for example, the access I wanted to permit across the switches is:
192.168.0.1 -> 192.168.100.1
What type of access list configuration (and type) would I need to use to ensure ALL other traffic types were blocked (INCLUDING NON-IP TRAFFIC)?
Would this be a MAC and/or IP based ACL?
Presumably on either end of the link, as a port-based ACL will only filter inbound?
Would a VLAN map be more extensive? As this is only a temporary situation, I could (I assume) put a switch in between these 2, with a VLAN map applied only on this switch in the middle (to save complications on the "live" switches).
Any pointers would be appreciated.
09-10-2008 07:44 AM
You could put those hosts in each switch in the same VLAN,
let's say VLAN 10 in switch 1 and 2.
Make these ports trunk ports, use the allowed vlans command to allow only VLAN 10 to pass, and make sure only those hosts are in VLAN 10.
And if you want another level of security, you can make a VLAN ACL (VACL) that forwards traffic between those hosts only within VLAN 10.
Good luck.
If helpful, rate.
09-10-2008 08:03 AM
I can't convert the link between the switches into a trunk. I only have access to the config of 1 switch; also, the hosts are not directly on the other switch, they are accessible through it.
I am dealing with a provider cloud.
As I need to apply this temporarily, I was prepared to put a switch in between the current 2 switches, in order to have control of the interfaces at either end of the link.
Sorry, I didn't explain this before, but I don't think I can create the required effect by VLAN configuration.
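As an added example (not configuration from any of the posters above), here is what the VLAN map approach raised in the original question, and the VACL suggested in the reply, could look like on the intermediate switch the asker proposes to insert. It assumes the inter-switch link ports on that middle switch are access ports in a hypothetical VLAN 10, that return traffic from 192.168.100.1 to 192.168.0.1 must also be permitted, and Catalyst IOS VLAN access-map syntax. The point it illustrates is the non-IP caveat: a VLAN map that only has an IP match clause leaves frames of other types unfiltered, so a MAC clause and a catch-all drop are needed to block everything else.

```cisco
! Added example, not from the thread. Assumed: middle switch, link ports in VLAN 10.
!
! IP traffic that is allowed to cross the link (both directions assumed needed)
ip access-list extended PERMITTED-HOSTS
 permit ip host 192.168.0.1 host 192.168.100.1
 permit ip host 192.168.100.1 host 192.168.0.1
!
! Matches every non-IP frame (a "permit" in a VACL ACL means "this clause matches")
mac access-list extended ALL-NON-IP
 permit any any
!
! VLAN map: forward only the permitted IP flows, drop all non-IP frames,
! and drop anything that matched neither clause (IP traffic between other hosts)
vlan access-map INTER-SWITCH-FILTER 10
 match ip address PERMITTED-HOSTS
 action forward
vlan access-map INTER-SWITCH-FILTER 20
 match mac address ALL-NON-IP
 action drop
vlan access-map INTER-SWITCH-FILTER 30
 action drop
!
! Apply the map to all traffic bridged in VLAN 10 on this switch
vlan filter INTER-SWITCH-FILTER vlan-list 10
```

Because a VLAN map is applied to all traffic bridged within the VLAN, it filters both directions without needing a port ACL on each end, which addresses the "inbound only" concern in the first post. Verify with `show vlan access-map` and `show vlan filter`, and note that if a router on either side must resolve its next hop across this link, ARP (a non-IP frame) would be dropped by entry 20 unless a preceding MAC clause forwards it; whether ARP can be matched by a MAC ACL varies by platform, so check the configuration guide for the model used in the middle.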