01-21-2021 02:21 PM
Hi, I have no expertise in networking. I always appreciate you taking the time to answer my questions.
We will connect independent systems (System A and System B) using an L3 switch (Catalyst 9300) and send the syslog to the cyber security operation center, as in the attached picture.
* Systems A and B consist of L2 switches (Catalyst 2960).
In order to prevent access from either system to the other, we would like to ensure that data coming in through Ports 1~3 is forwarded only to Port 4. Is it possible to implement this by changing the settings of the Catalyst 9300?
01-21-2021 02:37 PM
Question: is the Cat 9300 only used to send the syslog to the cybersecurity operation center?
You can deploy an ACL on the Cat 9300 and allow the sources in networks A and B to communicate only with the syslog server IP,
so they cannot communicate with each other's network IP address range.
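To make the "allow only the syslog server" approach concrete, here is an added example configuration; it is not from this thread or from any of the posters. It assumes System A is 192.168.10.0/24 on VLAN 10, System B is 192.168.20.0/24 on VLAN 20, the collector is 172.16.1.10 behind a routed Port 4 (172.16.1.1/24), and syslog is sent on UDP/514 (TCP/514 is permitted as well). The ACL names and interface numbers are made up. Because IOS extended ACLs are first-match with an implicit deny at the end, listing only the collector as a permitted destination is tighter than denying just the peer subnet: anything else the 9300 can route to is blocked too.

```ios
! Added example, not from the thread. Assumed addressing:
!   System A   192.168.10.0/24 on VLAN 10, SVI 192.168.10.1
!   System B   192.168.20.0/24 on VLAN 20, SVI 192.168.20.1
!   Collector  172.16.1.10, reached via routed port 4 (172.16.1.1/24)
! ACL names SYSTEM-A-IN / SYSTEM-B-IN are made up for this example.
!
ip routing
!
! First match wins; the implicit deny at the end drops everything else.
! "log" on the final deny punts matches to the CPU (rate limited), so it
! stays on that one line only. Hit counters show the filter is working.
ip access-list extended SYSTEM-A-IN
 permit udp 192.168.10.0 0.0.0.255 host 172.16.1.10 eq syslog
 permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.10 eq 514
 deny   ip  any any log
!
ip access-list extended SYSTEM-B-IN
 permit udp 192.168.20.0 0.0.0.255 host 172.16.1.10 eq syslog
 permit tcp 192.168.20.0 0.0.0.255 host 172.16.1.10 eq 514
 deny   ip  any any log
!
! Apply inbound on BOTH SVIs. Filtering only one VLAN still lets the
! unfiltered VLAN push one-way UDP/ICMP traffic into the other.
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip access-group SYSTEM-A-IN in
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 ip access-group SYSTEM-B-IN in
!
! Routed port toward the collector. If the collector is not trusted, an
! inbound ACL here can restrict it too; for TCP syslog it then needs to
! allow the collector's return traffic (e.g. "permit tcp host 172.16.1.10
! eq 514 192.168.10.0 0.0.0.255 established").
interface GigabitEthernet1/0/4
 description Port 4 Link to Syslog
 no switchport
 ip address 172.16.1.1 255.255.255.0
!
! Verification:
!   show ip access-lists SYSTEM-A-IN          (deny counter climbs on cross-system attempts)
!   show ip interface Vlan10 | include access list
```

Note that with this whitelist, hosts in A and B cannot ping the 9300's own SVI either; if that is needed for troubleshooting, add an explicit `permit icmp` line for the SVI address above the final deny.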
01-22-2021 05:43 AM
Thank you for your reply.
Yes, the Cat 9300 transmits only syslog to the cybersecurity operation center.
01-21-2021 02:43 PM
Hello,
I assume System A and System B are on different subnets, and the layer 3 switch is doing the inter-VLAN routing?
You can use a simple access list to keep both systems from communicating with each other. The configuration would look something like this:
! Interface names follow the original post; on a Catalyst 9300 the
! front-panel ports are normally numbered GigabitEthernet1/0/1 .. 1/0/4.
interface GigabitEthernet0/1
 description Port 1 Link to System A
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description Port 2 Link to System B
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/3
 description Port 3 Link to System B
 switchport mode access
 switchport access vlan 20
!
! Port 4 is a routed port toward the syslog server
interface GigabitEthernet0/4
 description Port 4 Link to Syslog
 no switchport
 ip address 172.16.1.1 255.255.255.0
!
! Extended ACLs need a protocol keyword; "ip" matches all IP traffic.
! First match wins: block the peer subnet, then allow everything else.
access-list 101 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
! Mirror ACL for VLAN 20; without it System B can still send one-way
! (UDP/ICMP) traffic into System A even though replies are blocked.
access-list 102 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 any
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip access-group 101 in
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 ip access-group 102 in
!
01-21-2021 02:58 PM
Use VRF if you can; VRFs separate the traffic.
01-21-2021 03:01 PM
Just to add a note: on the Cat 9K, VRF needs the Network Advantage license.
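For the VRF suggestion above (which, as noted, needs Network Advantage on the 9K), here is an added VRF-lite example that is not from this thread or from any of the posters. It keeps System A and System B in separate routing tables and leaks only the collector subnet into each of them, so the two systems have no route to each other at all while both can still reach the syslog server in the global table. It assumes the same addressing as the ACL examples (System A 192.168.10.0/24 on VLAN 10, System B 192.168.20.0/24 on VLAN 20, collector 172.16.1.10 behind routed Port 4 at 172.16.1.1/24); the VRF names and interface numbers are made up.

```ios
! Added example, not from the thread: VRF-lite isolation on a Catalyst 9300.
! Assumed addressing: System A 192.168.10.0/24 (VLAN 10), System B
! 192.168.20.0/24 (VLAN 20), collector 172.16.1.10 behind routed port 4
! (172.16.1.1/24) in the global routing table.
! VRF names SYSTEM-A / SYSTEM-B are made up for this example.
!
ip routing
!
vrf definition SYSTEM-A
 address-family ipv4
 exit-address-family
!
vrf definition SYSTEM-B
 address-family ipv4
 exit-address-family
!
! Each system's SVI lives in its own VRF. A packet from A toward
! 192.168.20.0/24 is looked up in VRF SYSTEM-A, finds no route and is
! dropped; no ACL is involved. ("vrf forwarding" clears the address, so
! it goes before "ip address".)
interface Vlan10
 vrf forwarding SYSTEM-A
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 vrf forwarding SYSTEM-B
 ip address 192.168.20.1 255.255.255.0
!
! The collector stays in the global table on the routed port.
interface GigabitEthernet1/0/4
 description Port 4 Link to Syslog
 no switchport
 ip address 172.16.1.1 255.255.255.0
!
! Leak ONLY the collector subnet into each VRF. Naming the egress
! interface makes the next hop resolve in the global table.
ip route vrf SYSTEM-A 172.16.1.0 255.255.255.0 GigabitEthernet1/0/4 172.16.1.10
ip route vrf SYSTEM-B 172.16.1.0 255.255.255.0 GigabitEthernet1/0/4 172.16.1.10
!
! Return path: global static routes pointing into each VRF interface so
! the collector's replies reach A and B. Neither VRF ever learns the
! other's prefix, so A and B stay mutually unreachable.
ip route 192.168.10.0 255.255.255.0 Vlan10
ip route 192.168.20.0 255.255.255.0 Vlan20
!
! Verification (the peer prefix must be absent from each VRF table):
!   show ip route vrf SYSTEM-A
!   show ip route vrf SYSTEM-B
!   ping vrf SYSTEM-A 192.168.20.1     (expected to fail)
!   ping vrf SYSTEM-A 172.16.1.10      (expected to succeed)
```

Compared with the ACL approach, a mistake here fails closed: a missing leak route means a system loses its path to the collector, whereas a missing ACL line silently opens a path between the systems.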
01-22-2021 03:49 AM
Hi Wang,
Simply put, a layer 3 switch combines the functionality of a switch and a router. It acts as a switch to connect devices that are on the same subnet or virtual LAN at lightning speeds and has IP routing intelligence built into it to double up as a router.
Regards