06-11-2014 10:11 AM - edited 03-07-2019 07:42 PM
I have a VLAN with an ID of 140.
This VLAN works perfectly across the network. It is trunked to multiple access switches, through our 5548s, and also into our Wireless LAN Controller (5500 Series).
I want VLAN 140 (10.10.140.0/24) to be completely isolated from all other VLANs. We have about 50 access points spread out over 3 buildings that offer wireless connectivity to clients.
I have never set up a Private VLAN (if this is even the right choice), but I have read the documentation and it seems fairly easy.
Create the Private VLAN and then associate ports to the Private VLAN.
I have looked at the Wireless LAN controller and haven't found a way of designating the existing VLAN as an associated Private VLAN.
Am I on the right track?
Is this possible?
06-12-2014 01:58 AM
Not 100% sure what you are asking here! Do you want to stop clients in VLAN140 talking to the rest of your network?
Or are you looking to stop clients in VLAN140 talking to each other?
Or both?
06-12-2014 05:18 AM
Thanks for responding.
I want the clients to be able to talk to each other in VLAN 140, but I want VLAN 140 to be isolated from all other VLANs.
06-12-2014 05:22 AM
Then you need to look at whatever device on your network does your Layer 3 routing and ensure there is something in place to stop VLAN 140 routing traffic to other VLANs.
E.g. if you connect a device to VLAN 140 and it gets a 10.10.140.0/24 address, what is the default gateway? It is this device that will need some configuration.
Hope that makes sense?
06-12-2014 05:44 AM
It is a 5548 and the VLAN gateway is 10.10.140.1.
I know 'where' to configure it; I was hoping I was on the right track with setting up Private VLANs to accomplish this. Also, does the 5500 WLC allow configuration to be included in the PVLAN?
Are you suggesting that I set up access-lists to do this? I was hoping to "hard-code" it.
06-12-2014 05:54 AM
As I understand it, private VLANs would only help you if you wanted to block hosts within the VLAN talking. On the WLC this can be done using peer-to-peer blocking.
In your case you want to block what happens outside the VLAN at Layer 3, so I think yes, you are looking at an access list to achieve this.
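
The access-list approach suggested in the last reply can be sanity-checked before it goes onto the gateway. The following is an added example, not part of the original thread: it models first-match ACL evaluation on the VLAN 140 gateway interface and shows why filtering only one direction leaves a gap. The rule sets, the function names and the address 10.10.20.5 (a host in some other VLAN) are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

VLAN140 = ip_network("10.10.140.0/24")  # subnet from the thread
ANY = ip_network("0.0.0.0/0")

# Constructed rule sets: (action, source network, destination network).
# Host-to-host traffic inside VLAN 140 is switched and never reaches these
# ACLs; only traffic to the gateway (10.10.140.1) or to other subnets does.
ACL_IN = [                      # packets the gateway receives from VLAN 140
    ("permit", VLAN140, VLAN140),
    ("deny", ANY, ANY),
]
ACL_OUT = [                     # packets the gateway sends into VLAN 140
    ("permit", VLAN140, VLAN140),
    ("deny", ANY, ANY),
]

def evaluate(acl, src, dst):
    """Return the action of the first matching entry; no match is a deny."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def routed_verdict(src, dst, acl_in=ACL_IN, acl_out=ACL_OUT):
    """Verdict for a packet crossing the VLAN 140 gateway interface.

    Pass None for a direction that has no ACL applied.
    """
    s, d = ip_address(src), ip_address(dst)
    if s in VLAN140 and acl_in is not None and evaluate(acl_in, src, dst) == "deny":
        return "deny"
    if d in VLAN140 and acl_out is not None and evaluate(acl_out, src, dst) == "deny":
        return "deny"
    return "permit"

if __name__ == "__main__":
    flows = [  # constructed test flows
        ("10.10.140.25", "10.10.140.1"),   # client to its own gateway
        ("10.10.140.25", "10.10.20.5"),    # VLAN 140 to another VLAN
        ("10.10.20.5", "10.10.140.25"),    # another VLAN to VLAN 140
    ]
    for src, dst in flows:
        both = routed_verdict(src, dst)
        in_only = routed_verdict(src, dst, acl_out=None)
        print(f"{src:>13} -> {dst:<13} both: {both:6}  inbound-only: {in_only}")
```

With only the inbound list applied, packets from other VLANs are still delivered into VLAN 140; the replies are dropped, but one-way traffic gets through, so both directions need a rule set.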