
3550 VS. 3560 - Suggestions

ShaunieK226
Level 1

Hey there all.

I am in the process of purchasing a Catalyst 3550 or 3560 and need confirmation on software and capabilities. The switch needs to be able to do Private VLANs, have 2 SPAN ports, and at least 2 GBIC ports. I am aware that the 3560 w/12.2(20)SE - EMI can def. support what we need it for, but I was wondering if a 3550 would be able to support all this as well if it had the proper software. So, what I need to know is: can a 3550 do this, and if so, what software would I need?

Thanks

Shaun

8 Replies

Jon Marshall
Hall of Fame

Hi Shaun

The 3550 switch does not fully support private VLANs. Attached is a link to the private VLAN support matrix for Catalyst switches.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml

Even if they did, I would strongly recommend you go for the 3560, as this is a newer switch which has replaced the 3550.

HTH

Jon

Thanks!

I didn't think the 3550 Series could support it but I wanted confirmation. Though what do you mean by NOT FULLY SUPPORT? What we need to do is block certain ports from seeing each other on the switch. For instance, Eth1 can see 2-10 but not 11-24, or Eth3 can see Eth1,2,6,10,11 but nothing else, etc. Everything will be on the same network, 172.16.X.X/24.

Again, thank you

Shaun

Shaun

If you have a look at the link I sent, you can see that the 3550 only supports PVLAN Edge or protected ports.

Protected ports would actually meet your requirement though, in that you can block ports from seeing each other on the same switch.

The EOS/EOL announcement has been made for the 3550 though so it would be better to go with the 3560 - see attached link.

http://www.cisco.com/en/US/products/hw/switches/ps646/index.html

If you still want to pursue the 3550 option, let me know and I'll check it against your other requirements.

HTH

Jon

I guess what I need to know is: can Port Security provide the ability to do this?

Router A - Can see/ping All Routers

Router B - Can see/ping All Routers

Router C - Can see/ping All Routers

Router D - Can see/ping All Routers

Router E - Can see/ping ONLY A,B,C,D

Router F - Can see/ping ONLY A,B,C,D

Router G - Can see/ping ONLY A,B,C,D

Router H - Can see/ping ONLY A,B,C,D

Routers connected to the switch:

Router A - Company Router can't see clients

Router B - Company Router can't see clients

Router C - Company Router can't see clients

Router D - Company Router can't see clients

Router E - Company Router can't see clients

Router F - Client Router can't see company

Router G - Client Router can't see company

Router H - Client Router can't see company

We just need to make sure Clients don't see each other.

Shaun

A protected port cannot send traffic to another protected port at layer 2. So if all your router interfaces are in the same subnet then you could meet your first set of conditions by

1) leave Router A, B, C, D as unprotected ports.

2) Make router E, F, G, H protected ports.

With this setup A, B, C, D will be able to talk to all routers.

E, F, G, H will only be able to communicate with A, B, C, D.

Not sure I understand your second set of conditions. Is it just another way to explain the first set?

Jon

Sorry Jon,

What I meant was this.

I guess what I need to know is: can Port Security provide the ability to do this?

Router A - Can see/ping All Routers

Router B - Can see/ping All Routers

Router C - Can see/ping All Routers

Router D - Can see/ping All Routers

Router E - Can see/ping ONLY A,B,C,D

Router F - Can see/ping ONLY A,B,C,D

Router G - Can see/ping ONLY A,B,C,D

Router H - Can see/ping ONLY A,B,C,D

Routers connected to the switch:

Router A - Company Router - Can see all routers

Router B - Company Router - Can see all routers

Router C - Company Router - Can see all routers

Router D - Company Router - Can see all routers

Router E - Company Router - Can see all routers

Router F - Client Router - Only see A,B,C,D

Router G - Client Router - Only see A,B,C,D

Router H - Client Router - Only see A,B,C,D

Router F,G, & H CANNOT See each other

We just need to make sure Clients don't see each other.

I.E. F can't see G or H

G can't see F or H

H can't see F or G

Shaun

Based on the docs yes it can do what you need. F, G, H are made protected ports and therefore cannot see each other at layer 2.

Non-protected ports can communicate with both protected and other non-protected ports.

Note that this does imply that all router interfaces are in the same subnet.

HTH

Jon

Shaun,

As Jon mentioned, the 3550 does not support the full Private VLAN feature; only the basic feature, "protected port", is supported. Ports defined as protected on a switch cannot talk to each other at layer 2. They will only be able to talk to each other using a layer 3 device.

Protected ports have these features:

• A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded in software. All data traffic passing between protected ports must be forwarded through a layer 3 device.

• Forwarding behavior between a protected port and a nonprotected port proceeds as usual.

• Protected ports are supported on IEEE 802.1Q trunks.

Please check if it can solve your purpose.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_seb/configuration/guide/swtrafc.html#wp1158863

HTH. Please rate if it does.

-amit singh
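
The protected-port layout this thread settles on (F, G, H protected; A through E unprotected), written out as an added configuration example that is not from any poster or from Cisco's documentation. The port numbers, the VLAN ID and the descriptions are assumptions chosen for illustration.

```cisco
! Constructed example. Assumed cabling (not stated in the thread):
!   Fa0/1-5 = company routers A-E, Fa0/6-8 = client routers F-H
!   VLAN 10 = the single shared subnet all router interfaces sit in
configure terminal
 !
 ! Company routers: left unprotected, so they forward to and from every port
 interface range FastEthernet0/1 - 5
  description company-router
  switchport mode access
  switchport access vlan 10
  no switchport protected
 !
 ! Client routers: protected, so no layer 2 traffic passes between F, G and H
 interface range FastEthernet0/6 - 8
  description client-router
  switchport mode access
  switchport access vlan 10
  switchport protected
 end
!
! Verify each client port; the output should include "Protected: true"
show interfaces FastEthernet0/6 switchport | include Protected
show interfaces FastEthernet0/7 switchport | include Protected
show interfaces FastEthernet0/8 switchport | include Protected
```

The protected setting only affects forwarding between ports on the same switch. Because traffic between protected ports can still pass through a layer 3 device, access lists on the company routers decide whether F, G and H can reach each other by being routed through them.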
