catalyst switch layer 2 ACL

shaikh.zaid22
Level 1

Hi,

We have a collapsed architecture, wherein our core switch 9407 is acting as layer 2 and the gateway is our firewall.

We have a requirement to block traffic within the same VLAN. Is it possible to create a layer-2 ACL or something similar on the access layer switches, which are Catalyst 9200?

Please assist if anybody has any document to achieve it.

4 Replies

balaji.bandi
Hall of Fame

we have a requirement to control same vlan traffic to block

Maybe a MAC ACL can help you here (just a guess), but you need to explain why you are looking to do this. What is the use case?

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-5/configuration_guide/sec/b_165_sec_9300_cg/configuring_ipv4_acls.html#ID1832

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9500-series-switches/217266-validate-security-acls-on-catalyst-9000.html

BB

@balaji.bandi The requirement is to prevent connections within the same VLAN, let's say an RDP connection from VLAN 10 to VLAN 10.

Not a full-fledged requirement, since we have a NAC solution sitting in the DC and NetFlow is configured on the core switch to send the information for the NAC to take configured actions. Since information about certain hosts connected to the same switches will not reach the NAC via NetFlow, we are having difficulties in achieving this use case.

I sent you a message, check it.

Thanks @MHM Cisco World, I checked. Can you please share any example configurations?
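
An added example, not posted by anyone in this thread: a VLAN map on the access switch that drops RDP between hosts inside VLAN 10 and forwards all other traffic. The ACL and map names and the 192.0.2.0/24 subnet are placeholders, since the thread does not give the VLAN 10 addressing.

```cisco
! Added example: block RDP between hosts inside VLAN 10 with a VLAN map.
! 192.0.2.0/24 stands in for the VLAN 10 subnet (placeholder, not from the thread).
!
! In an ACL referenced by a VLAN map, "permit" means "this traffic matches
! the clause"; the clause's action (drop or forward) decides what happens.
! Source and destination are both limited to the VLAN 10 subnet, so RDP
! sent through the firewall gateway to other subnets is not matched.
ip access-list extended MATCH-INTRA-VLAN-RDP
 permit tcp 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 eq 3389
 permit udp 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255 eq 3389
!
! Sequence 10 drops the matched RDP traffic.
vlan access-map BLOCK-INTRA-VLAN-RDP 10
 match ip address MATCH-INTRA-VLAN-RDP
 action drop
!
! Sequence 20 has no match clause, so it forwards everything else.
! Without it, IP packets that miss sequence 10 would be dropped by default.
vlan access-map BLOCK-INTRA-VLAN-RDP 20
 action forward
!
! Apply the map to VLAN 10. A VLAN map filters traffic bridged within the
! VLAN, which is the host-to-host case on the same switch.
vlan filter BLOCK-INTRA-VLAN-RDP vlan-list 10
!
! Verify from privileged exec mode:
!   show vlan access-map BLOCK-INTRA-VLAN-RDP
!   show vlan filter
!   show ip access-lists MATCH-INTRA-VLAN-RDP
```

Because traffic between two hosts on the same access switch never reaches the core, the map has to be configured on each access switch that carries VLAN 10.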
