03-21-2023 04:57 AM
Hi All,
Switch port is configured for dot1x and mab authentication and default VLAN is guest VLAN.
We want to block peer-to-peer traffic between guest hosts.
What are possible solutions for this case?
Thanks
03-21-2023 05:12 AM
Hello @Harutyun Hakobyan
One possible solution to block peer-to-peer traffic between guest hosts is to use Private VLANs . PVLANs allow you to isolate ports within the same VLAN, thereby preventing communication between devices connected to those ports.
03-21-2023 05:19 AM
Hello,
Currently dot1x and mab assign "regular" VLANs.
Is it possible also assign private VLAN for the same port?
03-21-2023 05:40 AM
Yes, it is possible to assign a private VLAN to a switch port that is configured for both dot1x and MAB authentication. In fact, using a private VLAN in conjunction with dot1x and MAB authentication can provide an additional layer of security and isolation.
When a port is configured for dot1x and MAB authentication, the switch assigns a VLAN to the connected device based on the authentication results. By default, this VLAN is a "regular" VLAN, but you can configure the switch to assign a private VLAN instead.
To configure a switch port to assign a private VLAN to authenticated devices, you first need to configure the private VLAN on the switch. This involves creating a primary VLAN and one or more secondary VLANs associated with it. Then, you can configure the switch port to use the primary VLAN as the default VLAN and to assign a secondary VLAN as the isolated VLAN.
Once you have configured the private VLAN, you can configure the switch port for dot1x and MAB authentication and specify the private VLAN to assign to authenticated devices. This will ensure that devices authenticated on the port are placed into the isolated secondary VLAN, which provides an additional layer of security and isolation from other devices on the network.
03-21-2023 06:28 AM
VLAN access-map is solution for you to block P2P connection in same VLAN.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide