Separate traffic from port to port

Answered Question
May 13th, 2008

Dear experts,

I have 1 2960 switch. I need to separate traffic from each switch port to the others except for one or more common ports.

For example, I have 3 ports: 1, 2, 3. I need to make sure that

- Traffic from port 1 cannot reach port 2 and vice-versa

- Traffic from both port 1 and 2 can reach port 3 and vice-versa.

Can I use VLANs to solve this problem? I see that some switches have the ability to assign multiple VLANs to one port, but I found no way to do this with a Cisco switch.

Would you please recommend me a solution to complete this task using no more than a 2960 switch?

Note: I think that a trunk port won't work, as no other device in the system is VLAN-sensitive except for that 2960.

sirdudesly Tue, 05/13/2008 - 07:23

Yes, you would use VLANs to do this; VLAN design is fairly well documented on the Cisco site.

Correct Answer
rsohi Tue, 05/13/2008 - 09:10

This might add some value as well:

Some applications require that no traffic be forwarded at Layer 2 between ports on the same switch so that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these ports on the switch.

Protected ports have these features:

• A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded in software. All data traffic passing between protected ports must be forwarded through a Layer 3 device.

• Forwarding behavior between a protected port and a nonprotected port proceeds as usual.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/configuration/guide/swtrafc.html#wp1029319

regards,

Raj

nguyenquangthuat Tue, 05/13/2008 - 14:16

Thanks so much for your replies.

After checking some guidelines, I see that the 2960 only supports PVLAN Edge (protected port).

Please tell me whether PVLAN Edge will work in my case or not.

A sample configuration for my case (3 ports, port 3 is the common one) would be appreciated.

Thanks so much.

rsohi Wed, 05/14/2008 - 08:25

Hello, from your description this should work. Basically, make ports 1 and 2 protected. Protected ports won't talk to each other. Port is unprotected so it should be able to communicate with the other ports.

regards,

Raj
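
The three-port case from this thread, as an added example that is not part of the original posts: a constructed running-config excerpt with `switchport protected` on ports 1 and 2, and a small checker that derives which port pairs can exchange Layer 2 data traffic under the protected-port rules quoted above. The interface names (FastEthernet0/1 to 0/3), VLAN 10 and the function names are assumptions.

```python
import re
from itertools import combinations

# Constructed running-config excerpt; interface names and VLAN 10 are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport protected
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport protected
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 10
!
"""

def parse_ports(config):
    """Return {interface: {"vlan": int, "protected": bool}} per interface stanza."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            # Access ports default to VLAN 1 and to unprotected.
            current = ports.setdefault(m.group(1), {"vlan": 1, "protected": False})
        elif current is not None and line.startswith(" "):
            cmd = line.strip()
            v = re.fullmatch(r"switchport access vlan (\d+)", cmd)
            if v:
                current["vlan"] = int(v.group(1))
            elif cmd == "switchport protected":
                current["protected"] = True
        else:
            current = None  # "!" or a global command ends the stanza
    return ports

def l2_reachable(a, b):
    """Same VLAN, and not both protected: data traffic is forwarded at Layer 2."""
    return a["vlan"] == b["vlan"] and not (a["protected"] and b["protected"])

def reachability(config):
    """Map each port pair to True (forwarded) or False (blocked)."""
    ports = parse_ports(config)
    return {(x, y): l2_reachable(ports[x], ports[y])
            for x, y in combinations(sorted(ports), 2)}
```

Running `reachability()` over a saved copy of the switch configuration shows at a glance whether a port that should be isolated has lost its `switchport protected` line.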

Posted May 13, 2008 at 6:39 AM