Extreme Networks

jsilva7765 · ‎05-02-2021

Hello. I have a VLAN and I would like to iscolate all traffic within the VLAN so devices within the same VLAN cannot communicate with each other. What is the best way to go about this?

Stefan_K_ · ‎05-02-2021

Single switch or multiple switches?

there are generally two features that could be used:

private VLAN
Port Isolation

Best regards

Stefan

View solution in original post

Tomasz · ‎05-06-2021

Hi,

Do you mean the VMs to be isolated? Would Direct Attach feature (aka EVB/VEPA) do the job to pull the inter-VM traffic out of a vSwitch to control it entirely on EXOS? Then, if you need L3 communication isolation in the same subnet, an ACL or a Policy to block every IP in that subnet (besides the default GW if needed) might do the work. If you need L2 isolation and you cannot do separate port groups/VLANs, some sort of dmac blacklist would have to be created (ACL or Policy, static blackhole fdb entries would prevent these MAC addresses from any communication at all).

Hope that helps,

Tomasz

jsilva7765 · ‎05-03-2021

Hi Stefan,

It is a single switch stack, two X440 switches. Connected to the switch is a hypervisor cluster; on the hypervisor cluster, we have a vSwitch tagged to the VLAN, which various virtual machines use. We have firewall rules restricting traffic between the VLAN, but we need the clients isolated from each other in this specific VLAN.

Stefan_K_ · ‎05-02-2021