PVLAN Isolated VLANs and Ports

ebarks_aimwick
Level 1

Due to the wonderful world of PCI compliance, I have a need to set up a way to block traffic between hosts on a specific subnet at layer 2, so that each host cannot communicate with another host in its same subnet at layer 2. As I understand it, isolated Private VLAN ports should do the trick, right ... However, we have a wonderful Microsoft application running on each host called Lync. Lync says if I want to instant message a host in my same subnet, I will connect directly to the host and not an external server.

So this brings me to my question: is there a way I can use some sort of ACL at layer 3 or layer 2 that would allow the isolated PVLAN to inspect and allow TCP traffic for a certain port and deny all others within that subnet? Or is there another way around implementing PVLANs to achieve the goal here?

Your input is much appreciated on this topic.

1 Reply

Collin Clark
VIP Alumni

What two systems are you trying to isolate from each other? I have a few clients that adhere to PCI and we have never had to isolate two systems from each other at L2. There may be a better design or another way to filter.
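One "other way to filter" that matches the original question (permit one TCP port between hosts in the subnet, drop the rest of the intra-subnet traffic, leave everything else alone) is a VLAN access map (VACL) on a regular VLAN instead of an isolated PVLAN, since isolated ports cannot exchange any frames at all. This is an added example, not configuration from the thread; it assumes Cisco IOS VACL syntax on a Catalyst switch, a constructed subnet of 10.1.1.0/24 on VLAN 100, and a placeholder port 5061 that must be replaced with whatever port the application actually uses.

```cisco
! Constructed example: VLAN 100 carries the constructed subnet 10.1.1.0/24.
! Port 5061 is a placeholder; substitute the real peer-to-peer port.
!
! 1. Traffic between two hosts in the subnet that we do want to allow.
!    Both directions are listed because a VACL sees each frame
!    independently: client -> port and the reply from the port.
ip access-list extended INTRA-SUBNET-ALLOWED
 permit tcp 10.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255 eq 5061
 permit tcp 10.1.1.0 0.0.0.255 eq 5061 10.1.1.0 0.0.0.255
!
! 2. Every other IP packet whose source AND destination are in the subnet.
ip access-list extended INTRA-SUBNET-OTHER
 permit ip 10.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255
!
! 3. Catch-all so traffic to and from the gateway (or anything outside
!    the subnet) is still forwarded; an unmatched packet in a VACL is dropped.
ip access-list extended ANY-IP
 permit ip any any
!
! Access map entries are evaluated in sequence-number order; the first
! matching entry decides.
vlan access-map PCI-INTRA-SUBNET 10
 match ip address INTRA-SUBNET-ALLOWED
 action forward
vlan access-map PCI-INTRA-SUBNET 20
 match ip address INTRA-SUBNET-OTHER
 action drop
vlan access-map PCI-INTRA-SUBNET 30
 match ip address ANY-IP
 action forward
!
! Apply the map to the VLAN; it filters frames bridged within the VLAN,
! which is what a port ACL or SVI ACL cannot do for host-to-host traffic.
vlan filter PCI-INTRA-SUBNET vlan-list 100
!
! Caveat: this filters IP only. ARP and other non-IP frames between the
! hosts still pass unless a MAC ACL entry is added to the map, so the
! isolation is weaker than an isolated PVLAN port; document that gap
! for the PCI assessor rather than assuming full layer-2 separation.
```

Verify the result with `show vlan access-map` and `show vlan filter`, then confirm from one host that only the permitted port reaches a neighbour while the default gateway remains reachable.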
