
How do you create a VLAN that isolates devices and does not allow machines to communicate with each other within the VLAN

jsilva7765
New Contributor

Hello. I have a VLAN and I would like to isolate all traffic within the VLAN so devices within the same VLAN cannot communicate with each other. What is the best way to go about this?

1 ACCEPTED SOLUTION

Stefan_K_
Valued Contributor

Single switch or multiple switches?

There are generally two features that could be used:

  • private VLAN
  • Port Isolation

Best regards

Stefan


3 REPLIES 3

Tomasz
Valued Contributor II

Hi,

Do you mean the VMs to be isolated? Would the Direct Attach feature (aka EVB/VEPA) do the job to pull the inter-VM traffic out of a vSwitch to control it entirely on EXOS? Then, if you need L3 communication isolation in the same subnet, an ACL or a Policy to block every IP in that subnet (besides the default GW if needed) might do the work. If you need L2 isolation and you cannot do separate port groups/VLANs, some sort of dmac blacklist would have to be created (ACL or Policy, static blackhole fdb entries would prevent these MAC addresses from any communication at all).

Hope that helps,

Tomasz

jsilva7765
New Contributor

Hi Stefan,

It is a single switch stack, two X440 switches. Connected to the switch is a hypervisor cluster; on the hypervisor cluster, we have a vSwitch tagged to the VLAN, which various virtual machines use. We have firewall rules restricting traffic between the VLAN, but we need the clients isolated from each other in this specific VLAN.
