A protected port is only significant at layer 2 on the local switch. In a layer 3 environment you could have the subject ports on different vlans and do inter-vlan routing, or on the layer 3 device turn on a routing protocol and advertise the subject vlans in the switch.

ShaunieK226 Tue, 09/18/2007 - 06:15

Thanks, but here's my prob. All 20 routers that are connected to 3560 are on the same network/VLAN 172.16.9.X. Some routers are client Routers and others are company routers. Certain routers need to see each other and others should not. Tried Private VLANs but there are too many devices and too many security restrictions for what we are doing. Was thinking Protected Ports and allowing only certain ports to communicate. Any ideas???



Is it possible for you to subnet those individual routers' networks to get some kind of layer 3 isolation? With every device being on the same network it'll take some amount of access-lists to do what you want. I think protected ports is not what you want in this case.

And what do you really mean when you mention that some routers do not need to see each other?

ShaunieK226 Tue, 09/18/2007 - 06:56

Subnetting is something I was thinking about doing, I'm just not sure if I will be able to get company approval to do it. But it is prob. a last option.

Here is exactly what I need to accomplish...

Port 5 Needs to see 5,23,24 - No others

Port 7 Needs to see 7,19,20,23,24 - No others

Port 10 Needs to see 10,14,21-24 - No others

Port 14 Needs to see 14,10,23,24 - No others

Port 18 Needs to see 18,19,20,23,24 - No others

Port 20 Needs to see 20, 7,8,11,20-24

Some routers are client routers that communicate with our company routers but do should be aware of the other clients routers connected to the switch. As well, not every client Router should be able to see every Company router on this switch because they have no need to communicate with it.

A bit confusing. I know.


(Any ideas suggestions greatly appreciated)
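An added example, not part of the original thread: before a per-port list like the one above is turned into access lists or port groupings, it helps to check it for consistency, since two routers on the same VLAN can only talk if each side permits the other. The port list is transcribed from the post; the function names are hypothetical.

```python
# Constructed example: consistency check for the per-port visibility list
# quoted in the post. Function names are illustrative, not from any tool.

POSTED = """\
5: 5,23,24
7: 7,19,20,23,24
10: 10,14,21-24
14: 14,10,23,24
18: 18,19,20,23,24
20: 20,7,8,11,20-24
"""

def expand(spec):
    """Turn '10,14,21-24' into {10, 14, 21, 22, 23, 24}."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = map(int, part.split("-"))
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(part))
    return ports

def parse(text):
    """Map each listed port to the set of other ports it must reach."""
    allowed = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        port, spec = line.split(":")
        allowed[int(port)] = expand(spec) - {int(port)}  # drop self-reference
    return allowed

def one_way_pairs(allowed):
    """Pairs (a, b) where a lists b, b has its own list, but b omits a."""
    return sorted((a, b) for a, peers in allowed.items() for b in peers
                  if b in allowed and a not in allowed[b])

def unspecified_peers(allowed):
    """Ports named as peers that have no requirement line of their own."""
    return sorted({b for peers in allowed.values() for b in peers} - set(allowed))

if __name__ == "__main__":
    rules = parse(POSTED)
    print("one-way requirements:", one_way_pairs(rules))
    print("peers without their own rule:", unspecified_peers(rules))
```

On the list as posted this reports one asymmetric pair (port 18 names port 20, but port 20 does not name port 18) and several peer ports with no line of their own, both of which need a decision before any filtering is configured.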

