cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
907
Views
0
Helpful
9
Replies

Multiple vlan's on one port possible?

gregator1
Level 1
Level 1

I am trying to determine whether a switchport can be configured for access to say vlan 10 and vlan 20 but not be a trunk port. I was told that this could be used for configuring security through a new proposed vlan project but... If anyone has any knowledge about configuring vlan security and/or the port issue that would be great! Thanks

1 Accepted Solution

Accepted Solutions

ankbhasi
Cisco Employee
Cisco Employee

Hi Friend,

This is not a supported feature on switches. Some old XL switches do support this feature but that is taken off on all new switches and releases.

HTH

Ankur

View solution in original post

9 Replies 9

ankbhasi
Cisco Employee
Cisco Employee

Hi Friend,

This is not a supported feature on switches. Some old XL switches do support this feature but that is taken off on all new switches and releases.

HTH

Ankur

Thank you! I have been searching for a definite answer like that all night. It has been keeping me awake for hours.

Francois Tallet
Level 7
Level 7

You mean, both vlans sent untagged on the port right? Indeed the feature has disappeared. What do you what to achieve exactly? I'm wondering if there could not be a private vlan hack;-)

Regards,

Francois

state
Level 1
Level 1

The other responders are indeed correct. However, you can still do two different vlans on the same access port. The only to accomplish this is to have one vlan for data and the other vlan for voice. Outside of this config, you must use a trunk. Hope this helps.

Steve

That's why I was asking if the problem was to be able to send traffic for two vlans untagged on the port;-) Because except the name, there is not much difference between a voice port and a trunk (if the voice vlan is different from the data vlan): 1q tagging will be a tag to differentiate between the two vlans. BTW, trunk vs access is also Cisco terminology afaik. There is no such thing as an access or a trunk ports in IEEE terms;-)

Regards,

Francois

Thanks to everyone for the inputs. Basically, we are trying to use the VLAN's to help implement some security in our network. When we reached the point of who gets access to what we discovered a spider's web. Many people in say the users VLAN need access to the Corp VLAN but not all the users. We can't put them into the corp VLAN because they need access to things that Corp doesn't. And that was just one scenario...

We are a 2-man IT shop and I was trying to find a way to manage the security implementation without having to manage 100's of ACLs. ACLs have never been my strong suit and I was told that multiple VLANs on a port was the way to go, but I was struggling with understanding it.

Do you have to do all this at layer 2? You could create a third vlan for those users.

Regards,

Francois

I could, but at this point with the propsed project I am going from 3 VLANs currently to 12 VLANs and was hoping not to add anymore than what is absolutely necessary.

To add security, you may want to look into Private vlans. You will still need to have more vlans, but you won't need to deal with the ACL's.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco