03-30-2012 12:06 PM - edited 03-24-2021 05:53 PM
03-30-2012 12:14 PM
What exactly are you trying to accomplish here? If we step back and go a step above your specific question, what is your actual requirement? Do you require that all three machines be on the same subnet, but PC1 and PC2 not be able to communicate with each other? -Ed
03-30-2012 12:40 PM
Thanks Ed for the quick response. The requirement is bi-directional connections between (server from/to PC-1) and server from/to PC-2. No need for PC-1 to communicate with PC-2.
Hope that makes it clear, or at least a bit.
03-30-2012 01:34 PM
Hi Eyad,
Can your server interpret the VLAN tagging? If yes, you can also configure the interface between the server and the switch as a trunk.
Hope that helps
Vasilis
03-30-2012 03:09 PM
Unfortunately the server doesn't interpret VLAN tagging; it would've solved it.
03-31-2012 07:48 AM
Eyad,
That helps a bit, but more specifically, are you requiring that PC1 and PC2 not be able to communicate?
This is an interesting situation which is why I was asking about the exact requirements. Can you also supply the details (at least box diagram) of the equipment in the "LAN" cloud in your diagram?
Private VLANs are not available (as of my last check) on the 2960 platform. They are available on the 3560 platform, but without knowing the rest of your design that may create restrictions on other devices in your network that are unacceptable. The 2960 platform incorporates the "protected port" ("PVLAN edge") feature, but this is only locally significant to the device and would not apply here where the affected ports are on different devices.
I see you have trunks in the diagram, but are end-to-end VLANs a requirement in your network? What is the reason for requiring PC1 to be on VLAN 100 and PC2 to be on VLAN 200? I just want to understand the full set of requirements that you must work within.
03-30-2012 03:32 PM
Do you understand routing? For which a router will send traffic, no matter where it comes from, to where it has to go?
In your case you have a layer 3 switch, that does that at wire speed.
It only needs to be configured. If you do not have experience and/or certifications, I recommend you give the job to a professional.
03-30-2012 05:15 PM
Paolo,
I would like to keep the solution at the layer 3 switch; injecting a router would be a last option, hence this posting, to get feedback from professionals expressing their ideas and guidelines.
I tried the following:
1) switchport multi vlan vlan-list will solve this, but the command is no longer available on newer Cat switches.
2) switchport voice vlan... but that doesn't work.
Thanks
03-31-2012 12:34 AM
I think you have to read again my post above.
03-30-2012 08:57 PM
Why don't you try to implement inter-VLAN routing, and use an access list to block the traffic between the PCs?
03-30-2012 11:42 PM
I agree with Paolo and Arun that probably the best solution here is to implement inter-VLAN routing on SW-1 and apply an ACL so that PC1 and PC2 can't communicate.
But take care: if you choose this solution, your switch (3560) must have at least the IP base licence installed on it.
03-31-2012 12:29 AM
Intervlan routing on an L3 switch.
Unni
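The approach suggested in the replies above (inter-VLAN routing on the layer 3 switch plus ACLs between the PC VLANs), sketched as an added example that is not from any poster in this thread. VLAN 100 and VLAN 200 come from the thread; the server VLAN 10, all subnets, the ACL names and the server port are assumptions made for illustration.

```cisco
! Constructed example: addresses, VLAN 10, ACL names and the port are assumed.
! Enable routing between the SVIs on the 3560 (SW-1).
ip routing
!
vlan 10
 name SERVER
vlan 100
 name PC1
vlan 200
 name PC2
!
! Traffic entering from the PC1 VLAN: only the server subnet is reachable.
! The explicit deny duplicates the implicit one but gives a visible hit counter.
ip access-list extended PC1-IN
 deny   ip 10.0.100.0 0.0.0.255 10.0.200.0 0.0.0.255
 permit ip 10.0.100.0 0.0.0.255 10.0.10.0 0.0.0.255
!
! Traffic entering from the PC2 VLAN: mirror image of the rule above.
ip access-list extended PC2-IN
 deny   ip 10.0.200.0 0.0.0.255 10.0.100.0 0.0.0.255
 permit ip 10.0.200.0 0.0.0.255 10.0.10.0 0.0.0.255
!
! Server VLAN gateway: no ACL, the server answers both PC VLANs.
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan100
 ip address 10.0.100.1 255.255.255.0
 ip access-group PC1-IN in
!
interface Vlan200
 ip address 10.0.200.1 255.255.255.0
 ip access-group PC2-IN in
!
! The server does not interpret VLAN tags, so it sits on a plain access port.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
```

Because each ACL ends in an implicit deny, anything the PC VLANs need beyond the server subnet (for example a DHCP relay or the gateway address itself) has to be permitted explicitly; `show ip access-lists` shows the per-entry match counters.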