How to block Host on VLAN

joseph.steve
Level 1

Hello Experts

We have 3 VLANs and I have been asked to block some hosts in each VLAN.

I share this scenario

vlan 2
interface vlan 2
 ip address 192.168.1.254 255.255.255.0

vlan 3
interface vlan 3
 ip address 192.168.2.254 255.255.255.0

vlan 4
interface vlan 4
 ip address 192.168.3.254 255.255.255.0

Hosts 192.168.1.100, 192.168.1.200, 192.168.2.100 and 192.168.2.200 should not be reachable from any VLAN.

How do I block these hosts?

Thank you

Steve

4 Replies

Reza Sharifi
Hall of Fame

Hi,

You can try testing something like this:

! A standard ACL matches the source address, so it is applied inbound on the hosts' own SVI
access-list 50 deny 192.168.2.100
access-list 50 deny 192.168.2.200
access-list 50 permit any
interface vlan 3
 ip access-group 50 in

This access-list prevents other VLANs from communicating with hosts 2.100 and 2.200.

! Same approach for VLAN 2, using ACL 60
access-list 60 deny 192.168.1.100
access-list 60 deny 192.168.1.200
access-list 60 permit any
interface vlan 2
 ip access-group 60 in

This access-list prevents other VLANs from communicating with hosts 1.100 and 1.200.

HTH

fb_webuser
Level 6

Could you just disable the port?

---

Posted by WebUser Appleclean Kan

Eduardo Aliaga
Level 4

There are several ways, depending on what exactly you need.

Reza Sharifi showed the use of "router ACLs". This will block access from other networks.

But if you also need devices in the same VLAN 2 (and the same network 192.168.1.x) to not access 192.168.1.100 and 192.168.1.200, then you could also use "port ACLs" on switchports, "VLAN maps" (also called VLAN ACLs) or "private VLANs".

Please check this link http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=4

Please rate if it helps. Kind regards
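
The router ACL and VLAN map options named in the reply above, written out for the two VLAN 2 hosts as an added example (not posted by anyone in this thread). It assumes a Catalyst switch that supports VLAN maps; the ACL number 150 and the names ISOLATED-V2 and VM-V2 are hypothetical.

```cisco
! Added example. ACL number and names are assumptions, addresses are from the question.
!
! Option 1, router ACL (inter-VLAN only).
! An extended ACL can match the destination, so it is applied outbound
! on the SVI of the VLAN that contains the hosts.
access-list 150 deny   ip any host 192.168.1.100
access-list 150 deny   ip any host 192.168.1.200
access-list 150 permit ip any any
!
interface Vlan2
 ip access-group 150 out
!
! Option 2, VLAN map (covers traffic bridged inside VLAN 2 as well as
! traffic routed into or out of it).
! In a VLAN map the ACL only selects traffic: "permit" means "match".
! The access-map action decides whether matched traffic is dropped.
ip access-list extended ISOLATED-V2
 permit ip any host 192.168.1.100
 permit ip any host 192.168.1.200
 permit ip host 192.168.1.100 any
 permit ip host 192.168.1.200 any
!
vlan access-map VM-V2 10
 match ip address ISOLATED-V2
 action drop
! Sequence 20 has no match clause, so it forwards everything else.
! Without it, other IP traffic in the VLAN would be dropped too.
vlan access-map VM-V2 20
 action forward
!
vlan filter VM-V2 vlan-list 2
!
! Verification from exec mode:
!   show access-lists 150
!   show vlan access-map VM-V2
!   show vlan filter
```

Both options filter on IP address only, so a host that is given a different address is no longer matched; that gap is what port shutdown or MAC-based filtering addresses.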

narasimha rao
Level 1

Hi Joseph Steve,

I think some others have suggested different options like ACLs etc., but if you use an ACL to block some host's IP and they have basic knowledge of networks, they can use a different IP and then carry on. That is my doubt.

I suggest one option: find which port is connected to that host, simply go into that particular port and give the shutdown command, or use a MAC address blocking method.
