[c-nsp] Block traffic between users in the same vlan

Ruben Montes Ruben.Montes at eu.didata.com
Wed Apr 13 11:47:08 EDT 2005


Hello,
 
Yes, I know the command switchport protected, but cat6500/4500 don't support it. I think VACLs (VLAN ACLs) are the solution, but I have never configured them and I don't know their behavior.
Any help would be appreciated.
 
Best regards,
 
Ruben

	-----Original Message-----
	From: Erdem Sener [mailto:erdem.sener at borusantelekom.com]
	Sent: Wed 13/04/2005 17:39
	To: Ruben Montes; cisco-nsp at puck.nether.net
	CC:
	Subject: RE: [c-nsp] Block traffic between users in the same vlan
	
	



	Hello,
	
	
	 You could do "switchport protected" on each vlan interface, which will
	force the traffic between ports to go through a layer 3 device, the
	default gateway in your case.
	
	 Erdem
	
	> -----Original Message-----
	> From: cisco-nsp-bounces at puck.nether.net
	> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ruben Montes
	> Sent: Wednesday, April 13, 2005 6:07 PM
	> To: cisco-nsp at puck.nether.net
	> Subject: [c-nsp] Block traffic between users in the same vlan
	>
	> Hello,
	>
	> I want to block traffic between users in the same vlan: the
	> only communication allowed will be with the default gateway
	> of this vlan.
	>
	> source          dest                      action
	> 192.168.1.0/24  192.168.1.1/32 (gateway)  permit
	> 192.168.1.0/24  192.168.1.0/24            deny
	> 192.168.1.0/24  not(192.168.1.0/24)       permit
	>
	> Can this be accomplished with VACLs? This is a wifi
	> environment and we want to block all access between wifi
	> clients. I know there's a functionality called PSPF, but this
	> only applies to clients associated in the same AP.
	> Any working configuration would be appreciated.
	>
	> Regards,
	>
	> Ruben
	
	
	

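One way to express the policy table from the original question as a VACL in Cisco IOS syntax (an added example, not a configuration posted by anyone in this thread; the ACL names, the map name and VLAN ID 10 are assumptions). A VACL is not directional and filters every packet bridged in the VLAN, so the example also forwards packets sourced from the gateway address, which the table does not list but which the intra-subnet drop entry would otherwise catch.

```cisco
! Added example. ACL names, map name and VLAN 10 are assumptions.
! Inside a VACL, "permit" in an ACL only means "this entry matches";
! the access-map action decides whether matched packets are forwarded.

ip access-list extended WIFI-GATEWAY
! clients -> gateway (row 1 of the table)
 permit ip 192.168.1.0 0.0.0.255 host 192.168.1.1
! gateway -> clients (not in the table; needed for the return path)
 permit ip host 192.168.1.1 192.168.1.0 0.0.0.255

ip access-list extended WIFI-INTRA
! client -> client inside the subnet (row 2 of the table)
 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255

ip access-list extended WIFI-OTHER
! everything not matched above (row 3 of the table)
 permit ip any any

! Entries are evaluated in sequence order; the first match wins.
vlan access-map WIFI-ISOLATE 10
 match ip address WIFI-GATEWAY
 action forward
vlan access-map WIFI-ISOLATE 20
 match ip address WIFI-INTRA
 action drop
vlan access-map WIFI-ISOLATE 30
 match ip address WIFI-OTHER
 action forward

! Apply the map to the wireless client VLAN.
vlan filter WIFI-ISOLATE vlan-list 10
```

`show vlan access-map` and `show vlan filter` display the map and the VLANs it is applied to.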

