cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
498
Views
0
Helpful
2
Replies

Using an ASA to control traffic between VLANs?

gregcarvlin
Level 1
Level 1

HI,

   We have a 5510 and a L3 3750x stack. I have Inter-VLAN routing setup and working, but on certain VLAN's I'd like to filter certain traffic. I know you can use an access map to essentially stop inter-vlan, but i'd like to keep certain traffic up and others blocked. Is this currently possible?

An example that matches this is

VLAN1 is users

VLAN2 is servers

VLAN3 is dev

I want users to access server, but only certain things on dev (like a file server for testing). Is there a way to do this?

2 Replies 2

Kyle McKay
Level 1
Level 1

The Inter-VLAN routing is being performed on the 3750 stack?

If you want to control inter-vlan traffic, you could use something like PBR to force the traffic to route toward the ASA prior to the 3750 making a routing decision.

If that solution is not desirable, you could use simple ACLs on the 3750 stack in order to manage the policy between VLANs. This solution will more than likely be clunky and a bit more difficult to manage, however it may be the easiest option.

Hopefully this answers your question!

The inter-vlan routing is being performed on the 3750 stack. We have a vm environment doing VST based switching, which have trunks to port they connect on the 3750's

We DO have a 1921 router with gig interfaces, thinking maybe a router-on-a-stick type solution may be best, and set the next hop on those certain vlans to that router, and controlling the ACL's there.

Got any good docs on the ACLs?

Review Cisco Networking for a $25 gift card