cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
333
Views
0
Helpful
3
Replies

Any way to isolate port per vlan?

Difan Zhao
Level 5
Level 5

Is there anyway, on a switch, to allow only traffic from one port to another on one vlan and block the communication between each other on another vlan?

For example, if port f1/0/1 and f1/0/2 both allow vlan 1 (native) and 2, is there anyway to allow device on port f1/0/1 to talk to device on f1/0/2 on vlan 1 but not on vlan 2?

Thanks!

3 Replies 3

exonetinf1nity
Level 1
Level 1

Have a look at the following artical in regards to private vlans, i think it's what your after.

http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml

Thank you for your reply, exonetinf1nity. Private vlan won't be the solution because it's for access links where one interface can only belong to one vlan.

In my case interfaces are trunk ports. They are connected to IP phones. They have one vlan for voice and another native vlan for data. Now I want only voice VLAN be able to talk among interfaces while the data VLAN can only talk to the uplink port to the gateway router. Is that possible? Thanks!

Hello Difan,

to be noted that you don't need to configure the ports to be trunk to support a voice vlan and a data vlan

switchport

switchport mode access

switchport access vlan 111

switchport voice vlan 20

so you should be able to use private vlans on the data access vlans you should be able to use secondary isolated vlans (isolated secondary do exactly what you need thay just talk to the default GW/primary vlan)

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: