Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
592
Views
0
Helpful
5
Replies

Configure Existing VLAN on Wireless Lan Controller to be in a Private VLAN

itm-network-support
Level 1
Level 1

‎06-11-2014 10:11 AM - edited ‎03-07-2019 07:42 PM

I have a VLAN with an ID of 140.

This VLAN works perfectly across the network. It is trunked to multiple access switches, through our 5548's, and also into our Wireless LAN Controller(5500 Series).

I want VLAN 140 (10.10.140.0/24) to be completely isolated from all other VLANS. We have about 50 access points spread out over 3 buildings that offer wireless connectivity to clients.

I have never setup a Private VLAN (if this is even the right choice), but I have read the documentation and it seems fairly easy.

Create the Private VLAN and then associate ports to the Private VLAN.

I have looked at the Wireless LAN controller and haven't found a way of designating the existing VLAN as an associated Private VLAN.

Am I on the right track?

Is this possible?

Labels:
0 Helpful
5 Replies 5

mmoulson1
Level 4
Level 4

‎06-12-2014 01:58 AM

Not 100% sure what you are asking here! Do you want to stop clients in VLAN140 talking to the rest of your network?

Or are you looking to stop clients in VLAN140 talking to each other?

Or both smiley ?

0 Helpful

itm-network-support
Level 1
Level 1
In response to mmoulson1

‎06-12-2014 05:18 AM

Thanks for responding.

I want the clients to be able to talk to each other in VLAN 140. but I want the VLAN 140 to be isolated from all other VLANs.

0 Helpful

mmoulson1
Level 4
Level 4
In response to itm-network-support

‎06-12-2014 05:22 AM

Then you need to look at whatever device on your network does your Layer 3 routing and ensure there is something inplace to stop VLAN 140 routing traffic to other VLANs.

E.g. if you connect a device to VLAN 140 and it gets 10.10.140.0/24 address what is the default gateway? It is this device that will need some configuration.

Hope that makes sense?

0 Helpful

itm-network-support
Level 1
Level 1
In response to itm-network-support

‎06-12-2014 05:44 AM

It is 5548 and the VLAN Gateway is 10.10.140.1.

I know 'where' to configure it, I was hoping I was on the right track with setting up Private VLANS to accomplish this. Also, does the 5500 WLC allow configuration to be included into the PVLAN?

Are you suggesting that I setup access-lists to do this? I was hoping to "hard-code" it.

0 Helpful

mmoulson1
Level 4
Level 4
In response to itm-network-support

‎06-12-2014 05:54 AM

As I understand it private VLAN's would only help you if you wanted to block hosts within the VLAN talking. On the WLC this can be done using peer to peer blocking.

In your case you want to block what happens outside the VLAN at Layer 3 so I think yes you are looking at an access list to achieve this.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card