
So, I have a campus LAN, implemented as many VLANs with InterVLAN routing, that spans tens of L2 switches and one L3 switch. Now, I have a request that hosts on one VLAN don't see each other. But those hosts, on that VLAN, are spread across many different switches.

So, my questions are:

  1. Do I have to configure/define all of the existing VLANs as Primary and Secondary types, or only the one I need to isolate?

  2. Which of the existing VLANs would be the primary VLAN? Or should I create a new VLAN and define it as Primary?

  3. Will the trunk ports between the switches be promiscuous ports?

  • You may need to provide your switch models to get good answers. Commented Jan 17, 2021 at 0:29
  • These are all Cisco Catalyst switches with IOS. Commented Jan 17, 2021 at 0:30
  • You'd have a much easier time just implementing VACLs (VLAN ACLs or VLAN access-maps). You can check out an example here: networkstraining.com/vlan-access-map-example-configuration Commented Jan 17, 2021 at 1:27
  • A VACL allows you to filter layer 2 traffic just like you would with a router ACL. Commented Jan 17, 2021 at 1:31
  • My default answer to such requests is "it doesn't work like that." If you want hosts to not "see each other", then don't put them in the same network. (with very few exceptions: e.g. AP isolation for guest wifi) Commented Jan 17, 2021 at 11:04
