Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
445
Views
0
Helpful
5
Replies

Protected Ports

ShaunieK226
Level 1
Level 1

‎09-18-2007 05:53 AM - edited ‎03-05-2019 06:33 PM

Quick Question...

Is it possible to allow communication between protected ports on the same switch if the switch is a layer 3 Switch? If so, how?

Thanks!

Shaun

Labels:
0 Helpful
5 Replies 5

bjw
Level 4
Level 4

‎09-18-2007 06:02 AM

Shaun,

A protected port is only significant at layer 2 on the local switch. In a layer 3 environment you could have the subject ports on different vlans and do inter-vlan routing, or on the layer 3 device turn on a routing protocol and advertise the subject vlans in the switch.

0 Helpful

ShaunieK226
Level 1
Level 1
In response to bjw

‎09-18-2007 06:15 AM

Thanks, but here's my prob. All 20 routers that are connected to 3560 are on the same network/VLAN 172.16.9.X. Some routers are client Routers and others are company routers. Certain routers need to see each other and others should not. Tried Private VLANS but there are too many devices and to many security restrictions for what we are doing. Was thinking Protected Ports and allowing only certain ports to communicate. Any ideas???

Shaun

Thanks

0 Helpful

bjw
Level 4
Level 4
In response to ShaunieK226

‎09-18-2007 06:34 AM

Is it possible for you to subnet those individual routers networks to get some kind of layer 3 isolation? With every device being on the same network it'll take some amount of access-lists to do what you want. I think protected ports is not what you want in this case.

And what do you really mean when you mention that some routers do not need to see each other?

0 Helpful

ShaunieK226
Level 1
Level 1
In response to bjw

‎09-18-2007 06:56 AM

Subnetting is something I was thinking about doing I'm just not sure if I will be able to get comapny approval to it. But it is prob. a last option.

Here is exactly what I need to accomplish...

Port 5 Needs to see 5,23,24 - No others

Port 7 Needs to see 7,19,20,23,24 - No others

Port 10 Needs to see 10,14,21-24 - No others

Port 14 Needs to see 14,10,23,24 - No others

Port 18 Needs to see 18,19,20,23,24 - No other

Port 20 Needs to see 20, 7,8,11,20-24

Some routers are client routers that communicate with our company routers but do should be aware of the other clients routers connected to the switch. As well, not every client Router should be able to see every Company router on this switch because they have no need to communicate with it.

A bit confusing. I know.

Shaun

(Any ideas suggestions greatly appreciated)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card