Solved: DMZ ports on a switch with private VLANs

tonycody · ‎09-06-2007

We need to take eight ports out of a 3750 switchstack (four ports on two of the members, remaining ports on these members assigned to network devices; three other stack members have ports assigned to servers, printers, desktops, etc) and assign them to network teams for (soon-to-be) DMZ-based servers. We've looked at doing L2 VLANs, but we'd prefer to keep L3. Other than assigning ACLs, is there a way to dedicate those ports to a DMZ VLAN? Are PVLANs the only other option?

ebreniz · ‎09-12-2007

You'll need to implement 'Private Vlans' to accomplish this. Here are some good links that explain how Private Vlans work and what's needed to configure them:

Securing Networks with Private VLANs and VLAN Access Control Lists

http://www.cisco.com/warp/customer/473/90.shtml

System Requirements to Implement Private VLANs

http://www.cisco.com/warp/customer/473/63.html

View solution in original post

ebreniz · ‎09-12-2007

You'll need to implement 'Private Vlans' to accomplish this. Here are some good links that explain how Private Vlans work and what's needed to configure them:

Securing Networks with Private VLANs and VLAN Access Control Lists

http://www.cisco.com/warp/customer/473/90.shtml

System Requirements to Implement Private VLANs

http://www.cisco.com/warp/customer/473/63.html

tonycody · ‎09-12-2007

Thanks - I was looking for a second opinion and you offered it. Appreciate the links, I'll look though those and compare to our config.