[c-nsp] Block traffic between users in the same vlan

Erdem Sener erdem.sener at borusantelekom.com
Wed Apr 13 11:39:41 EDT 2005



Hello,


 You could do "switchport protected" on each vlan interface, which will
force the traffic between ports to go through a layer 3 device, the
default gateway in your case.

 Erdem 

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ruben Montes
> Sent: Wednesday, April 13, 2005 6:07 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Block traffic between users in the same vlan
> 
> Hello, 
> 
> I want to block traffic between users in the same vlan: the 
> only communication allowed will be with the default gateway 
> of this vlan. 
> 
> source           dest                      action
> 192.168.1.0/24   192.168.1.1/32(gateway)   permit
> 192.168.1.0/24   192.168.1.0/24            deny
> 192.168.1.0/24   not(192.168.1.0/24)       permit
> 
> Can this be accomplished with VACLs? This is a wifi 
> environment and we want to block all access between wifi 
> clients. I know there's a functionality called PSPF, but this 
> only applies to clients associated in the same AP. 
> Any working configuration would be appreciated. 
> 
> Regards, 
> 
> Ruben 
> 
> 
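
The policy table from the question written as a VLAN access map, followed by the protected-port setting from the reply. This is an added example, not configuration from either post; it assumes Catalyst 3550/3750-style VLAN map syntax, and VLAN 10, the ACL and map names, and the interface number are hypothetical.

```cisco
! Row 1 of the table: clients to the gateway, plus the return path
! from the gateway (assumed necessary; the table lists only one direction).
ip access-list extended WIFI-GATEWAY
 permit ip 192.168.1.0 0.0.0.255 host 192.168.1.1
 permit ip host 192.168.1.1 192.168.1.0 0.0.0.255
!
! Row 2: client to client inside the subnet. "permit" here only means
! "match"; the access-map action below decides forward or drop.
ip access-list extended WIFI-INTRA
 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! Sequence order matters: the gateway entry must come before the
! subnet-wide drop, because 192.168.1.1 is inside 192.168.1.0/24.
vlan access-map WIFI-ISOLATE 10
 match ip address WIFI-GATEWAY
 action forward
vlan access-map WIFI-ISOLATE 20
 match ip address WIFI-INTRA
 action drop
! Row 3: everything else (routed traffic, DHCP broadcasts) is forwarded.
! Only IP match clauses are used, so ARP is not filtered by this map.
vlan access-map WIFI-ISOLATE 30
 action forward
!
! Apply the map to the wireless client VLAN (hypothetical VLAN 10).
vlan filter WIFI-ISOLATE vlan-list 10
!
! Protected port on an access port facing an AP. Protected ports only
! isolate ports on the same switch; the uplink toward the gateway is
! left unprotected so clients can still reach it.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport protected
```

`show vlan access-map`, `show vlan filter` and `show interfaces FastEthernet0/1 switchport` confirm that the map is attached and the port is marked protected.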

