09-12-2007 10:12 PM - edited 03-05-2019 06:27 PM
I am trying to determine whether a switchport can be configured for access to say vlan 10 and vlan 20 but not be a trunk port. I was told that this could be used for configuring security through a new proposed vlan project but... If anyone has any knowledge about configuring vlan security and/or the port issue that would be great! Thanks
09-12-2007 10:46 PM
Hi Friend,
This is not a supported feature on switches. Some old XL switches do support this feature but that is taken off on all new switches and releases.
HTH
Ankur
09-12-2007 10:50 PM
Thank you! I have been searching for a definite answer like that all night. It has been keeping me awake for hours.
09-13-2007 09:03 AM
You mean, both vlans sent untagged on the port, right? Indeed the feature has disappeared. What do you want to achieve exactly? I'm wondering if there could not be a private vlan hack;-)
Regards,
Francois
09-14-2007 01:40 PM
The other responders are indeed correct. However, you can still do two different vlans on the same access port. The only way to accomplish this is to have one vlan for data and the other vlan for voice. Outside of this config, you must use a trunk. Hope this helps.
Steve
09-14-2007 02:28 PM
That's why I was asking if the problem was to be able to send traffic for two vlans untagged on the port;-) Because except the name, there is not much difference between a voice port and a trunk (if the voice vlan is different from the data vlan): 1q tagging will be a tag to differentiate between the two vlans. BTW, trunk vs access is also Cisco terminology afaik. There is no such thing as an access or a trunk port in IEEE terms;-)
Regards,
Francois
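The two replies above (data plus voice VLAN on an access port, and its similarity to a trunk) side by side as a Cisco IOS configuration. This is an added example, not configuration posted by anyone in the thread; the interface names are placeholders, and using VLAN 10 for data and VLAN 20 for voice is an assumption based on the VLAN numbers in the question.

```cisco
! Constructed example: interface names are placeholders; VLAN 10 as data and
! VLAN 20 as voice are assumptions based on the VLAN numbers in the question.
vlan 10
 name DATA
vlan 20
 name VOICE
!
! Access port with a voice VLAN: VLAN 10 frames are untagged on the wire,
! VLAN 20 frames carry an 802.1Q tag.
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
!
! Trunk carrying the same two VLANs: native VLAN 10 untagged, VLAN 20 tagged.
! The allowed list keeps every other VLAN off the port, and nonegotiate
! stops the port from sending DTP frames.
interface GigabitEthernet0/2
 ! The encapsulation line is only accepted on platforms that also support ISL.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
```

In both cases only one VLAN is untagged on the port; the second VLAN is always distinguished by its 802.1Q tag.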
09-14-2007 02:58 PM
Thanks to everyone for the inputs. Basically, we are trying to use the VLANs to help implement some security in our network. When we reached the point of who gets access to what we discovered a spider's web. Many people in say the users VLAN need access to the Corp VLAN but not all the users. We can't put them into the corp VLAN because they need access to things that Corp doesn't. And that was just one scenario...
We are a 2-man IT shop and I was trying to find a way to manage the security implementation without having to manage 100's of ACLs. ACLs have never been my strong suit and I was told that multiple VLANs on a port was the way to go, but I was struggling with understanding it.
09-14-2007 03:26 PM
Do you have to do all this at layer 2? You could create a third vlan for those users.
Regards,
Francois
09-14-2007 05:15 PM
I could, but at this point with the proposed project I am going from 3 VLANs currently to 12 VLANs and was hoping not to add any more than what is absolutely necessary.
09-14-2007 05:28 PM
To add security, you may want to look into Private vlans. You will still need to have more vlans, but you won't need to deal with the ACLs.