11-26-2010 08:46 AM
Hi,
We need to offer broadband to customers in a serviced office. About 8 users.
If we had a switch that offered PVE (Protected Ports) could we use this to stop each office from seeing each other and only see the router.
Also would each office be able to have a unmanaged switch so that they could network a couple of computers in each room.
Finally would port forwarding work for example remote desktop to a particular machine on one of the networks.
Many thanks for your help
Ed
11-27-2010 02:37 PM
Hi Edward,
The new SF/SG 300 series can quickly do what you want. The old term of it was Private Vlan Edge (PVE), the new term, on this range of low cost product is Protected port. I have copied a link to the product comparison page below so you can see the extensive range of product that we offer than can perform that task. But every managed Small Business switch has that functionality.
http://www.cisco.com/en/US/products/ps10898/prod_models_comparison.html
Here's how protected or PVE works on this switch family,(taken from Admin guide)
So where can protected ports or PVE be used, as an example,
Here 's a screen capture below, taken from SKU ordering p/n SRW248G4P-K9-NA, click on the picture to see my setup
Note also that I am managing this device via IPv6.
For port forwarding from the WAN router, you could use different port forward port addresses from the WAN router (Port address translation) so that remote folks can access local PC via RDC. As far as the router is concerned all clients could be in the same VLAN, or vlan the switch and use a router like the SR520 or SA500 , ASA5500 that supports Multiple VLANs.
Cool stuff. It took me longer to write this post than configure the settings, but i wrote some extra stuff that tested the functionality on one of the new small business switch range.. see https://supportforums.cisco.com/thread/2053251
Hope this helps.
regards Dave
11-28-2010 03:04 AM
David,
Many thanks for the reply.
Just to confirm, if one company wanted to setup a small network using a switch which was plugged into a protected port would the be able to network and other not see them?
Thanks
Ed
11-29-2010 05:39 AM
Hi Edward,
Yep that's the way it seems to work. By putting the Cisco Small Business switch ports into protected or unprotected mode, it almost seems like the switch is using some fairly heavy MAC address filtering to precisely stop protected ports from communicating with other protected ports.
So if a small business has a managed or unmanaged switch connected to a protected port, and used the protected port as their uplink to the internet, the members connected on that managed or unmanaged switch would be able to communicate locally but not to PC hosts connected on other or different protected ports.
regards Dave
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: