Any way to isolate port per vlan?

Unanswered Question
Jan 22nd, 2009

Is there anyway, on a switch, to allow only traffic from one port to another on one vlan and block the communication between each other on another vlan?

For example, if port f1/0/1 and f1/0/2 both allow vlan 1 (native) and 2, is there anyway to allow device on port f1/0/1 to talk to device on f1/0/2 on vlan 1 but not on vlan 2?

Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Difan Zhao Fri, 01/23/2009 - 09:18

Thank you for your reply, exonetinf1nity. Private vlan won't be the solution because it's for access links where one interface can only belong to one vlan.

In my case interfaces are trunk ports. They are connected to IP phones. They have one vlan for voice and another native vlan for data. Now I want only voice VLAN be able to talk among interfaces while the data VLAN can only talk to the uplink port to the gateway router. Is that possible? Thanks!

Giuseppe Larosa Fri, 01/23/2009 - 09:40

Hello Difan,

to be noted that you don't need to configure the ports to be trunk to support a voice vlan and a data vlan

switchport

switchport mode access

switchport access vlan 111

switchport voice vlan 20

so you should be able to use private vlans on the data access vlans you should be able to use secondary isolated vlans (isolated secondary do exactly what you need thay just talk to the default GW/primary vlan)

Hope to help

Giuseppe

Actions

This Discussion