I have two PCs on separate VLANs within interface x0 that I need to completely restrict from all other "vulnerable" VLANs on the interface. We'll call these VLANs 1, 2 and 3. These "risky" PCs are on VLAN 4.
Switching: I can successfully make the risky PC grab the risky VLAN tag when the port it's plugged into is programmed as such in the switch.
But, for various reasons, I need the network to be ready for the possibility of one of these risky PCs being plugged in anywhere, where it is likely that the port is programmed to the vulnerable VLAN.
So I created an address object with the Ethernet MAC and then set rules saying deny anything from x4 to 1/2/3 when the source is that address object. But still the PC will take an address when plugged into a port that includes any other VLANs.
How do I make sure it only communicates with the DHCP server on the risky VLAN? I don't want these PCs to have any chance of ever getting on these other VLANs. What am I doing wrong?