09-16-2013 09:38 PM - edited 03-07-2019 03:30 PM
Hi community,
Our customer has many VLANs which have our router subinterfaces as default gateways to the Internet. Now, for security reasons, our customer wants to prevent traffic between hosts in a VLAN. Of course we can divide the VLANs into small /30 subnets, but our customer doesn't want to change it because it affects the IPs of many hosts and servers in their network. Instead, they want us to set an access list on our router to prevent it. My question is whether it is possible. In my opinion, it is not.
Thanks and regards,
HIeu
09-16-2013 09:42 PM
Yes. It's possible.
09-16-2013 10:25 PM
Agree with Loe, many possible ways to prevent this.
09-16-2013 10:35 PM
The best way to achieve this is by using private VLANs; it is much better than using ACLs, and easy to configure, manage, and troubleshoot.
09-17-2013 12:00 AM
Thank you all. Can you give me a few ways of using an ACL to do it? Because as far as I know, layer 2 traffic will go directly from host to host using the MAC forwarding table, not transit through our router. So how can our router apply an ACL to it?
09-17-2013 12:03 AM
Types of filtering:
============
VACL:
===========
http://www.cisco.com/en/US/tech/tk389/tk814/tk838/tsd_technology_support_sub-protocol_home.html
http://www.devilwah.com/2010/08/filtering-the-vlan-traffic/
Private-VLAN:
===========
http://packetlife.net/blog/2010/aug/30/basic-private-vlan-configuration/
http://www.cisco.com/en/US/tech/tk389/tk814/tk840/tsd_technology_support_sub-protocol_home.html
802.1x:
======
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_8021x.html
http://www.cisco.com/en/US/tech/tk955/tsd_technology_support_sub-protocol_home.html
HTH
Regards
Inayath
**Please rate if this info is helpful.
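The following is an added example, not part of any post in this thread: a small Python model of why an ACL on the router subinterface never sees same-VLAN traffic, and of the layer 2 forwarding rule a private VLAN applies on the switch instead. The addresses, port names and community id are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address range, made-up port names).
SUBNET = ipaddress.ip_network("192.0.2.0/24")   # one customer VLAN
GATEWAY = ipaddress.ip_address("192.0.2.1")     # router subinterface

# Private VLAN port table: port -> (role, community id or None).
PORTS = {
    "Gi0/1": ("isolated", None),       # host A
    "Gi0/2": ("isolated", None),       # host B
    "Gi0/3": ("community", 10),        # server 1
    "Gi0/4": ("community", 10),        # server 2
    "Gi0/24": ("promiscuous", None),   # uplink to the router
}


def next_hop(src, dst):
    """Address the sending host resolves with ARP: the destination itself
    when it is on-link, otherwise the default gateway."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in SUBNET:
        raise ValueError(f"{src} is not a host in {SUBNET}")
    return dst if dst in SUBNET else GATEWAY


def router_acl_sees(src, dst):
    """A router ACL can only act on frames delivered to the gateway."""
    return next_hop(src, dst) == GATEWAY


def pvlan_permits(in_port, out_port):
    """Layer 2 forwarding rule of a private VLAN between two switch ports."""
    in_role, in_comm = PORTS[in_port]
    out_role, out_comm = PORTS[out_port]
    if in_port == out_port:
        return False
    if "promiscuous" in (in_role, out_role):
        return True                      # everyone can reach the uplink
    if in_role == out_role == "community":
        return in_comm == out_comm       # same community only
    return False                         # isolated ports reach no other host


if __name__ == "__main__":
    print(router_acl_sees("192.0.2.10", "192.0.2.20"))    # same VLAN
    print(router_acl_sees("192.0.2.10", "198.51.100.5"))  # routed
    print(pvlan_permits("Gi0/1", "Gi0/2"))
    print(pvlan_permits("Gi0/1", "Gi0/24"))
```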