08-05-2011 10:47 AM - edited 03-07-2019 01:34 AM
What would be the best method to prevent VLAN hopping or inter-VLAN communication? I have an 881 router with a trunk port that is connected to a 2960 which has an additional trunk port connected to a 2nd 2960 switch, and then it is trunked to a third 2960 (see attached drawing). I created a VTP domain and broadcast the VLANs across the links so all switches are aware of all VLANs (8 VLANs). I created the VLAN interfaces 7 AND 8 on the 881 and DHCP scopes per VLAN, and all is working well. Now I want to add security so access between VLANs is impossible (if that IS possible). Besides ACLs on the router that prevent access between subnets, what else can I apply on the router and what would you recommend on the switches?
08-05-2011 10:55 AM
Here is a good document regarding securing Cisco devices.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
HTH
08-05-2011 12:43 PM
Gerard
Unfortunately I cannot read Visio files, but VLAN hopping etc. is tied to the native VLAN concept and VLAN 1. Hopefully you aren't using VLAN 1 for anything, but if you are you should look to change it.
Attached is a link to a white paper on VLAN security. It is written for the 6500 but a lot of it is relevant to all Catalyst switches -
Jon
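To make the native-VLAN point concrete, here is an added configuration example (constructed for this thread, not posted by Jon or taken from the linked white paper) for one of the 2960s in the topology described above. The interface names, the VLAN numbers used for the unused native VLAN (999) and the black-hole VLAN (998), and the port assignments are assumptions.

```cisco
! Constructed example: hardening one 2960 against VLAN hopping.
! Interface names and VLAN numbers 998/999 are assumptions.
!
! 1. An unused VLAN that nothing is ever assigned to; it becomes the
!    native VLAN of every trunk so no access port shares it.
vlan 999
 name NATIVE_UNUSED
vlan 998
 name BLACKHOLE
!
! 2. Trunks: hard-code trunking, turn off DTP negotiation, move the
!    native VLAN off VLAN 1, and carry only the VLANs that are needed.
interface GigabitEthernet0/1
 description uplink to 881 router
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2-8,999
!
! 3. Access ports: hard-code access mode so a host cannot negotiate a
!    trunk, pin one MAC address per port, and fail closed on violation.
interface range FastEthernet0/1 - 20
 description user ports in VLAN 7
 switchport mode access
 switchport access vlan 7
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! 4. Unused ports: park them in the black-hole VLAN and shut them down.
interface range FastEthernet0/21 - 24
 switchport mode access
 switchport access vlan 998
 shutdown
!
! 5. Verify: the native VLAN column must show 999 on every trunk and
!    no port should remain in VLAN 1.
! show interfaces trunk
! show vlan brief
```

The same trunk settings (native VLAN 999, DTP off, pruned allowed list) should be applied to the matching trunk ends on the other 2960s and on the 881, otherwise the two sides of a trunk will disagree about the native VLAN and log a mismatch.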
08-05-2011 01:11 PM
Hi,
Could you please refer to the link below for configuring Private VLANs & VACLs:
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml
Supported platforms:
================
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
Hope this helps
Cheers
Somu
Please rate the answer if the content was found useful.