Preventing Inter-VLAN communication - Layer 3 Switches

xnx · July 2014

What would be the best approach to stop communication between two vlans on a 3550 L3 switch?

Would I have to use VLAN maps and or Router ACLs...? This is one of those things I've never fully understood as the CCNA level books were always based around L2 switches and ROAS..

Thanks

aaron0011 · July 2014

ACLs applied on the SVIs will do the trick.

xnx · July 2014

Thanks, for once I didn't read up properly and I just found this:

Catalyst 3550 Multilayer Switch Software Configuration Guide, Rel. 12.2(25)SEB - Configuring Network Security with ACLs [Cisco Catalyst 3550 Series Switches] - Cisco

It explains everything pretty well.

tomtom1 · July 2014

VACL's are for traffic within the VLAN. In this case, as already mentioned you need to put ACL's on the SVI.

xnx · July 2014

Thanks, yeah I now understand how VLAN maps apply to traffic within a VLAN and can be used to prevent communication between two hosts on the same VLAN.

mesho_emad · July 2014

i want to know also

tomtom1 · July 2014

mesho_emad wrote: »

i want to know also

The answer has been given already, what isn't clear?

Dieg0M · July 2014

wrong. easiest and best way is to put them in separate VRF's

OfWolfAndMan · July 2014

#8
wrong. easiest and best way is to put them in separate VRF's

Agreed.

xnx · July 2014

Thanks, I guess SVI ACLs would be the best approach for a School network - it has 3560s; obviously outdated equipment?

I'll be working on a school network and one day hope to convert one to a Staff/Students/Management VLAN setup where the VLANs are completely isolated.

Preventing Inter-VLAN communication - Layer 3 Switches

Comments