
Aug 21

How to deny access between servers in the same VLAN on a Cisco switch

In this scenario, two servers are connected to the same VLAN, so they can normally communicate directly; their traffic never passes through the default gateway, where you could otherwise filter it with an ACL.

To prevent network devices from communicating directly, use the “switchport protected” command in interface configuration mode.

Configuration Example:

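enable
configure terminal
!
! Server ports: protected ports do not forward traffic to other
! protected ports on this switch
interface FastEthernet0/1
  switchport access vlan 10
  switchport mode access
  switchport protected
!
interface FastEthernet0/2
  switchport access vlan 10
  switchport mode access
  switchport protected
!
! Trunk port is not protected, so both servers can still reach it
interface FastEthernet0/3
  switchport trunk encapsulation dot1q
  switchport mode trunk
end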
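
The isolation only holds for ports that actually carry the command, so it is worth auditing the running-config for access ports that were missed. The script below is an added example, not part of the original post: it parses running-config text and lists, per VLAN, the access ports without "switchport protected". The sample config and function names are constructed for illustration, and the script assumes that ports with no access VLAN configured are in VLAN 1 and that trunk and routed ports are meant to stay unprotected.

```python
import re
from collections import defaultdict

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport protected
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/4
 switchport access vlan 20
 switchport mode access
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())  # indented line belongs to the interface
        else:
            current = None  # '!' or a global command closes the interface block
    return interfaces

def unprotected_access_ports(config):
    """Map VLAN id -> access ports in that VLAN lacking 'switchport protected'."""
    findings = defaultdict(list)
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds or "no switchport" in cmds:
            continue  # assumption: trunk and routed ports stay unprotected
        vlan = 1  # assumption: default access VLAN when none is configured
        for cmd in cmds:
            m = re.fullmatch(r"switchport access vlan (\d+)", cmd)
            vlan = int(m.group(1)) if m else vlan
        if "switchport protected" not in cmds:
            findings[vlan].append(name)
    return dict(findings)
```

Calling unprotected_access_ports(SAMPLE_CONFIG) returns {10: ['FastEthernet0/2'], 20: ['FastEthernet0/4']}; on the configuration shown above, where both VLAN 10 ports are protected, it returns an empty dictionary.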
