pVLAN or something else.......!

gauravshar · ‎01-30-2008

Hi Gurus,

I want one of the PC in my LAN which should not communicate with any other PC/device of same or different VLAN/Subnet of the LAN. One of the probable solution could be private vlan but the switch is 2950 at which it is sitting, which does not support private vlan. How can i acheive this without moving the PC to my core-layer 4500 series switch?

Thanks and regards,

--gaurav

Edison Ortiz · ‎01-30-2008

switchport protected

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22ea/CR/cli2.html#wp1487219

HTH,

__

Edison.

gauravshar · ‎01-30-2008

Thanks Edison,

But, as the first line of the document says "Use the switchport protected interface configuration command to isolate unicast, multicast, and broadcast traffic at Layer 2 from other protected ports on the same switch.", this switchport will be isolated from other protected ports of the same switch locally. Doesn't that mean that the PC in question will be able to communicate with the device of its vlan but on different switch? Help me understanding it if I'm wrong somewhere?

--gaurav

Edison Ortiz · ‎01-30-2008

interfaces with protected enabled, won't be able to communicate with other protected enabled interfaces.

protected enabled interfaces are able to communicate to non-protected interfaces.

If I recall correctly, this information isn't carry from switch to switch, for that you need Private Vlans.

__

Edison.

gauravshar · ‎01-30-2008

But as per "Private VLAN Catalyst Switch Support Matrix" document 2950 switch does not support pvlan-isolated/community vlans. Is there any other way out? I want just one PC to get isolated.

--gaurav

Edison Ortiz · ‎01-30-2008

The only option you have is with switchport protected, no other choices are provided with the 2950.

__

Edison.