Cisco Catalyst 2960 Config Help: Port Access

Jun 22nd, 2007

I'm looking for a way to do the following. One IP segment for devices on this switch: 172.16.2.x /24

Port 1 can see all 48 ports

Port 2 can see Port 1, 3, 4, 5

Port 3 can see Port 1 only

Port 4 can see Port 1, 2, and 6

Etc. Etc. This switch is our router switch, with many vendors connecting in using the 172.16.2.x /24 address, and we need a way to block them from seeing certain devices connected to this switch.

vinayrajkp Fri, 06/22/2007 - 15:25

If you want to isolate at Layer 2 then you can consider private VLAN. But the combination mentioned by you might be a bit difficult. But study private VLAN and see how you can use it for your requirement.

mohammedmahmoud Fri, 06/22/2007 - 23:54

Since your switch is a layer 2 switch, the only way to achieve this is via Private VLAN, but unfortunately your switch doesn't support Private VLAN, and thus your only solution is to do inter-VLAN routing on a router, and then use an ACL on the router to filter on a layer 3 basis (plus using PVLAN edge (protected port) if you require 2 ports on the same VLAN not to communicate at layer 2 - which is the only PVLAN option supported on your switch).

HTH, please do rate all helpful replies,

Mohammed Mahmoud.
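
The approach in the reply above, sketched as an added example (not part of the original thread and not the posters' configuration): PVLAN edge on the 2960 for same-VLAN isolation, plus one restricted port moved to its own VLAN and filtered on the router. Interface names, VLAN IDs, host addresses and every subnet other than 172.16.2.0/24 are assumptions.

```text
! Added example; interface names, VLAN IDs and addresses are assumptions.
! --- Catalyst 2960 (switch) ---
vlan 2
 name SHARED-172-16-2
vlan 14
 name PORT4-RESTRICTED
!
interface FastEthernet0/1
 description Port 1 - unprotected, reachable from every port in VLAN 2
 switchport mode access
 switchport access vlan 2
!
interface FastEthernet0/3
 description Port 3 - PVLAN edge: no L2 traffic to other protected ports
 switchport mode access
 switchport access vlan 2
 switchport protected
!
interface FastEthernet0/4
 description Port 4 - own VLAN, all traffic must cross the router ACL
 switchport mode access
 switchport access vlan 14
!
interface GigabitEthernet0/1
 description 802.1Q trunk to the router
 switchport mode trunk
 switchport trunk allowed vlan 2,14
!
! --- Router (inter-VLAN routing on subinterfaces) ---
ip access-list extended PORT4-IN
 remark Port 4 may reach only the devices on ports 1, 2 and 6
 permit ip 172.16.14.0 0.0.0.255 host 172.16.2.10
 permit ip 172.16.14.0 0.0.0.255 host 172.16.12.10
 permit ip 172.16.14.0 0.0.0.255 host 172.16.16.10
 deny   ip any any log
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 ip address 172.16.2.1 255.255.255.0
!
interface GigabitEthernet0/0.14
 encapsulation dot1Q 14
 ip address 172.16.14.1 255.255.255.0
 ip access-group PORT4-IN in
```

Protected ports only block traffic between two protected ports on the same switch; a protected port still reaches every unprotected port in its VLAN, so only Port 1 is left unprotected here. The ACL is stateless and filters one direction, so each restricted VLAN needs its own inbound list for the visibility rules to hold both ways.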

