Multiple vlan's on one port possible?

Answered Question
Sep 12th, 2007
User Badges:

I am trying to determine whether a switchport can be configured for access to say vlan 10 and vlan 20 but not be a trunk port. I was told that this could be used for configuring security through a new proposed vlan project but... If anyone has any knowledge about configuring vlan security and/or the port issue that would be great! Thanks

Correct Answer by ankbhasi about 9 years 10 months ago

Hi Friend,


This is not a supported feature on switches. Some old XL switches do support this feature but that is taken off on all new switches and releases.


HTH


Ankur

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
ankbhasi Wed, 09/12/2007 - 22:46
User Badges:
  • Cisco Employee,

Hi Friend,


This is not a supported feature on switches. Some old XL switches do support this feature but that is taken off on all new switches and releases.


HTH


Ankur

gregator1 Wed, 09/12/2007 - 22:50
User Badges:

Thank you! I have been searching for a definite answer like that all night. It has been keeping me awake for hours.

Francois Tallet Thu, 09/13/2007 - 09:03
User Badges:
  • Gold, 750 points or more

You mean, both vlans sent untagged on the port right? Indeed the feature has disappeared. What do you what to achieve exactly? I'm wondering if there could not be a private vlan hack;-)

Regards,

Francois

Francois Tallet Fri, 09/14/2007 - 14:28
User Badges:
  • Gold, 750 points or more

That's why I was asking if the problem was to be able to send traffic for two vlans untagged on the port;-) Because except the name, there is not much difference between a voice port and a trunk (if the voice vlan is different from the data vlan): 1q tagging will be a tag to differentiate between the two vlans. BTW, trunk vs access is also Cisco terminology afaik. There is no such thing as an access or a trunk ports in IEEE terms;-)

Regards,

Francois

gregator1 Fri, 09/14/2007 - 14:58
User Badges:

Thanks to everyone for the inputs. Basically, we are trying to use the VLAN's to help implement some security in our network. When we reached the point of who gets access to what we discovered a spider's web. Many people in say the users VLAN need access to the Corp VLAN but not all the users. We can't put them into the corp VLAN because they need access to things that Corp doesn't. And that was just one scenario...


We are a 2-man IT shop and I was trying to find a way to manage the security implementation without having to manage 100's of ACLs. ACLs have never been my strong suit and I was told that multiple VLANs on a port was the way to go, but I was struggling with understanding it.

Francois Tallet Fri, 09/14/2007 - 15:26
User Badges:
  • Gold, 750 points or more

Do you have to do all this at layer 2? You could create a third vlan for those users.

Regards,

Francois

gregator1 Fri, 09/14/2007 - 17:15
User Badges:

I could, but at this point with the propsed project I am going from 3 VLANs currently to 12 VLANs and was hoping not to add anymore than what is absolutely necessary.

jlhainy Fri, 09/14/2007 - 17:28
User Badges:

To add security, you may want to look into Private vlans. You will still need to have more vlans, but you won't need to deal with the ACL's.

Actions

This Discussion