01-22-2009 03:29 PM - edited 03-06-2019 03:36 AM
Is there any way, on a switch, to allow only traffic from one port to another on one vlan and block the communication between each other on another vlan?
For example, if port f1/0/1 and f1/0/2 both allow vlan 1 (native) and 2, is there any way to allow a device on port f1/0/1 to talk to a device on f1/0/2 on vlan 1 but not on vlan 2?
Thanks!
01-22-2009 04:09 PM
Have a look at the following article in regards to private vlans, I think it's what you're after.
http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml
01-23-2009 09:18 AM
Thank you for your reply, exonetinf1nity. Private vlan won't be the solution because it's for access links where one interface can only belong to one vlan.
In my case the interfaces are trunk ports. They are connected to IP phones. They have one vlan for voice and another native vlan for data. Now I want only the voice VLAN to be able to talk among interfaces while the data VLAN can only talk to the uplink port to the gateway router. Is that possible? Thanks!
01-23-2009 09:40 AM
Hello Difan,
Note that you don't need to configure the ports to be trunks to support a voice vlan and a data vlan:
switchport
switchport mode access
switchport access vlan 111
switchport voice vlan 20
So you should be able to use private vlans on the data access vlans: you should be able to use secondary isolated vlans (isolated secondary vlans do exactly what you need, they just talk to the default GW/primary vlan).
Hope to help
Giuseppe
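A sketch of the isolated secondary VLAN arrangement described in the reply above, added here as an example and not posted by anyone in the thread. VLAN 111 is the data VLAN from the posted config; the primary VLAN 100 and the uplink interface name are assumptions. Whether a private-VLAN host port can also carry `switchport voice vlan` depends on the switch platform, so it is left out here and should be checked against the platform's configuration guide.

```ios
! Added example, not from the thread.
! Private VLANs require VTP transparent mode under VTP versions 1 and 2.
vtp mode transparent
!
! Data VLAN from the thread, made an isolated secondary VLAN:
! hosts in it cannot exchange frames with each other at Layer 2.
vlan 111
 private-vlan isolated
!
! Primary VLAN (ID 100 is an assumption) that the isolated VLAN maps into.
vlan 100
 private-vlan primary
 private-vlan association 111
!
! Device ports from the question: host ports in the isolated VLAN.
interface FastEthernet1/0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 111
!
interface FastEthernet1/0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 111
!
! Uplink to the gateway router (interface name is an assumption):
! the promiscuous port is the only port isolated hosts can reach.
interface GigabitEthernet1/0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 111
```

`show vlan private-vlan` and `show interfaces FastEthernet1/0/1 switchport` confirm the association and the operational port mode after the change.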