DMZ ports on a switch with private VLANs

Answered Question
Sep 6th, 2007

We need to take eight ports out of a 3750 switchstack (four ports on two of the members, remaining ports on these members assigned to network devices; three other stack members have ports assigned to servers, printers, desktops, etc.) and assign them to network teams for (soon-to-be) DMZ-based servers. We've looked at doing L2 VLANs, but we'd prefer to keep L3. Other than assigning ACLs, is there a way to dedicate those ports to a DMZ VLAN? Are PVLANs the only other option?

Correct Answer by ebreniz about 9 years 1 month ago

You'll need to implement 'Private VLANs' to accomplish this. Here are some good links that explain how Private VLANs work and what's needed to configure them:

Securing Networks with Private VLANs and VLAN Access Control Lists

System Requirements to Implement Private VLANs

Overall Rating: 5 (1 ratings)
tonycody Wed, 09/12/2007 - 14:54

Thanks - I was looking for a second opinion and you offered it. Appreciate the links, I'll look through those and compare to our config.

