03-02-2010 06:39 PM - edited 03-06-2019 09:57 AM
I want to separate clients on the same VLAN
server ip : 10.0.0.1 - 10.0.0.10
clients ip : 10.0.0.100 - 10.0.0.200
I want clients to access only the server, but clients can't talk with other clients
Please give me a config for Cisco 3560 and Cisco 2960
I must use 1 VLAN only
Thank you for best support
03-02-2010 06:54 PM
Hi,
You need to configure private VLAN on the 3560 switch. In this scenario, you have to create one more L2 VLAN, and that will act as the secondary isolated VLAN.
When you configure your user zone (client) as an isolated VLAN, there will be no communication among the clients.
VLAN 1 -- Primary VLAN; make all those ports promiscuous ports, so that within the server zone there will be communication and they can also communicate with the user zone (client).
VLAN 2 -- Secondary isolated VLAN. Assign all the client ports to the isolated VLAN, so that they can communicate with the server, but among the clients there won't be any communication.
Before configuring the private VLAN, the switch should be in VTP transparent mode.
For outside users all the ports will be in VLAN 1, but within that the primary and secondary VLANs are configured.
For more information
regards
karuppu
03-02-2010 10:11 PM
Hi,
Is the interface between the 3560 and 2960 an access port? If yes, you should be able to do it without adding a new VLAN.
Thanks,
Lei Tian
03-03-2010 01:44 AM
Please give me a config for the 3560 and 2960 on access ports, because I don't understand isolated ports.
Are the server and clients in the same VLAN?
Thank you for best support
03-03-2010 02:03 AM
Hi,
Before configuring private VLAN, the VTP mode of all the switches should be transparent mode.
As per your network diagram, find the config:
3560 config :
Switch# configure terminal
Switch(config)# vlan 1
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# exit
Switch(config)# vlan 501
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
Switch(config)# vlan 1
Switch(config-vlan)# private-vlan association 501
Switch(config-vlan)# end
Switch# show vlan private-vlan
2960 config:
Switch# configure terminal
Switch(config)# vlan 1
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# exit
Switch(config)# vlan 501
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
Switch(config)# vlan 1
Switch(config-vlan)# private-vlan association 501
Switch(config-vlan)# end
Switch(config)# interface fastethernet0/22
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 1 501
Switch(config-if)# end
Hope it helps you.
Regards
Karuppu
03-03-2010 02:34 AM
If server and client are on the same VLAN [VLAN 1], may we use this solution?
Clients can access the server, but clients cannot access other clients.
The server can access all clients.
Please give me a config.
Thank you for best support
03-03-2010 02:39 AM
Hi,
The configuration which I have sent is correct.
From an outside perspective both client and server will be in a single VLAN, that is VLAN 1.
But within that we have separated it: VLAN 1 (primary VLAN) for the server and VLAN 501 (secondary isolated VLAN) for the clients.
The configuration which I have sent you will give the solution to your request.
regards
karuppu
03-03-2010 03:18 AM
From the configuration, the server and clients can use IPs in the same subnet /22, right?
Thank you for your support
03-03-2010 03:25 AM
A few questions:
Must the 3560 port -> 2960 port be configured as a trunk, or with a special command line?
Please advise me.
Thank you for best support
03-03-2010 04:05 AM
Hi,
It will use the same segment, that is /22, and the trunk configuration is the same.
No need to do any special configuration on the trunk link.
regards
karuppu
03-03-2010 04:08 AM
Hi,
Besides the private VLAN solution, if the port between the 2960 and 3560 is an access port, you can consider another solution.
On the 3560, on all client-facing ports and the port connecting to the 2960, configure
switchport protected
On the 2960, on all client-facing ports
switchport protected
You do not need to do anything on the server-facing ports on the 3560 or the uplink port on the 2960.
HTH,
Lei Tian
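A check for the protected-port approach in the reply above, as an added example that is not part of the thread: it parses running-config text and lists the ports that are up but still lack `switchport protected`. The sample config, the function names and the exempt port are constructed; which ports are server-facing or uplinks is an assumption you supply.

```python
import re

# Constructed sample of a 3560 running-config (not taken from the thread).
SAMPLE_3560 = """\
interface FastEthernet0/1
 description server
 switchport mode access
!
interface FastEthernet0/10
 switchport mode access
 switchport protected
!
interface FastEthernet0/11
 switchport mode access
!
interface FastEthernet0/24
 description link to 2960
 switchport mode access
 switchport protected
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def unprotected_ports(config, exempt):
    """Ports outside `exempt` that are up but lack 'switchport protected'."""
    return [
        name
        for name, cmds in parse_interfaces(config).items()
        if name not in exempt
        and "shutdown" not in cmds
        and "switchport protected" not in cmds
    ]

if __name__ == "__main__":
    # Assumption: Fa0/1 is the server-facing port, so it is exempt.
    print(unprotected_ports(SAMPLE_3560, {"FastEthernet0/1"}))
```

Run it against the saved output of `show running-config` from each switch, exempting the server-facing ports on the 3560 and the uplink port on the 2960.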