Any way to isolate port per vlan?

Unanswered Question
Jan 22nd, 2009
User Badges:

Is there anyway, on a switch, to allow only traffic from one port to another on one vlan and block the communication between each other on another vlan?


For example, if port f1/0/1 and f1/0/2 both allow vlan 1 (native) and 2, is there anyway to allow device on port f1/0/1 to talk to device on f1/0/2 on vlan 1 but not on vlan 2?


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Difan Zhao Fri, 01/23/2009 - 09:18
User Badges:

Thank you for your reply, exonetinf1nity. Private vlan won't be the solution because it's for access links where one interface can only belong to one vlan.


In my case interfaces are trunk ports. They are connected to IP phones. They have one vlan for voice and another native vlan for data. Now I want only voice VLAN be able to talk among interfaces while the data VLAN can only talk to the uplink port to the gateway router. Is that possible? Thanks!

Giuseppe Larosa Fri, 01/23/2009 - 09:40
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Difan,

to be noted that you don't need to configure the ports to be trunk to support a voice vlan and a data vlan


switchport

switchport mode access

switchport access vlan 111

switchport voice vlan 20


so you should be able to use private vlans on the data access vlans you should be able to use secondary isolated vlans (isolated secondary do exactly what you need thay just talk to the default GW/primary vlan)


Hope to help

Giuseppe


Actions

This Discussion