Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

3550 VS. 3560 - Suggestions

Hey there all.

I am in the process of purchasing a Catalyst 3550 or 3560 Catalyst and need confirmation on software and capibilities. The switch needs to be able to do Private Vlans, have 2 SPAN Ports, and at least 2 GBIC Ports. I am aware that the 3560 w/12.2(20)SE - EMI

can def. support what we need it for but, I was wondering if a 3550 would be able to support all this as well if it had the proper software. So, what I need to know is can a 3550 do this and if so what software would I need?

Thanks

Shaun

8 REPLIES
Hall of Fame Super Blue

Re: 3550 VS. 3560 - Suggestions

Hi Shaun

3550 switch does not fully support private vlans. Attached is a link to private vlan support matrix for catalyst switches.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml

Even if they did i would strongly recommend you go for the 3560 as this is a newer switch which has replaced the 3550.

HTH

Jon

New Member

Re: 3550 VS. 3560 - Suggestions

Thanks!

I didn't think the 3550 Series could support it but I wanted confirmation. Though what do you mean by NOT FULLY SUPPORT? What we need to do is block certain ports from seeing each other on the switch. For instance, Eth1 can see 2-10 but not 11-24 or Eth 3 can see Eth1,2,6,10,11 but noting else. Etc. Eveything will be on the same network. 172.16.X.X/24

Again that you

Shaun

Hall of Fame Super Blue

Re: 3550 VS. 3560 - Suggestions

Shaun

If you have a look at the link i sent you can see that the 3550 only supports PVLAN Edge or protected ports.

Protected ports would actually meet your requirement though in that you an block ports from seeing each other on the same switch.

The EOS/EOL announcement has been made for the 3550 though so it would be better to go with the 3560 - see attached link.

http://www.cisco.com/en/US/products/hw/switches/ps646/index.html

If you still want to pursue the 3550 option let me know and i'll check it against your other requirements.

HTH

Jon

New Member

Re: 3550 VS. 3560 - Suggestions

I guess what I need know is can Port Security Provide the ability to do this??

Router A - Can see/ping All Routers

Router B - Can see/ping All Routers

Router C - Can see/ping All Routers

Router D - Can see/ping All Routers

Router E - Can see/ping ONLY A,B,C,D

Router F - Can see/ping ONLY A,B,C,D

Router G - Can see/ping ONLY A,B,C,D

Router H - Can see/ping ONLY A,B,C,D

Routers connected to the switch:

Router A - Company Routert can't see clients

Router B - Company Routert can't see clients

Router C - Company Routert can't see clients

Router D - Company Routert can't see clients

Router E - Company Routert can't see clients

Router F - Client Router can't see company

Router G - Client Router can't see company

Router H - Client Router can't see company

We just need to make sure Clients don't see each other.

Hall of Fame Super Blue

Re: 3550 VS. 3560 - Suggestions

Shaun

A protected port cannot send traffic to another protected port at layer 2. So if all your router interfaces are in the same subnet then you could meet your first set of conditions by

1) leave Router A, B, C, D as unprotected ports.

2) Make router E, F, G, H protected ports.

With this setup A, B, C, D will be able to talk to all routers.

E, F, G, H will only be able to coimmunicate with A, B, C, D.

Not sure i understand your second set of conditions. Is it just another way to explain the first set ?

Jon

New Member

Re: 3550 VS. 3560 - Suggestions

Sorry Jon,

What I meant was this.

I guess what I need know is can Port Security Provide the ability to do this??

Router A - Can see/ping All Routers

Router B - Can see/ping All Routers

Router C - Can see/ping All Routers

Router D - Can see/ping All Routers

Router E - Can see/ping ONLY A,B,C,D

Router F - Can see/ping ONLY A,B,C,D

Router G - Can see/ping ONLY A,B,C,D

Router H - Can see/ping ONLY A,B,C,D

Routers connected to the switch:

Router A - Company Router - Can see all routers

Router B - Company Router - Can see all routers

Router C - Company Router - Can see all routers

Router D - Company Router - Can see all routers

Router E - Company Router - Can see all routerS

Router F - Client Router - Only see A,B,C,D

Router G - Client Router - Only see A,B,C,D

Router H - Client Router - Only see A,B,C,D

Router F,G, & H CANNOT See each other

We just need to make sure Clients don't see each other.

I.E. F can't see G or H

G can't see F or H

H can;t see F or G

Hall of Fame Super Blue

Re: 3550 VS. 3560 - Suggestions

Shaun

Based on the docs yes it can do what you need. F, G, H are made protected ports and therefore cannot see each other at layer 2.

Non-protected ports can communciate with both protected and other non-protected ports.

Note that this does imply that all router interfaces are in the same subnet.

HTH

Jon

Cisco Employee

Re: 3550 VS. 3560 - Suggestions

Shaun,

As Jon mentioned that 3550 doesnot support full Private Vlan feature, only the basic feature " protected port " is supported. Ports defined as protected on a switch cannot talk to each other at layer2. They will only be able to talk to each other using a layer3 device.

Protected ports have these features:

?A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded in software. All data traffic passing between protected ports must be forwarded through a layer 3 device.

?Forwarding behavior between a protected port and a nonprotected port proceeds as usual.

?Protected ports are supported on IEEE 802.1Q trunks.

Please check if it can solve your purpose.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_seb/configuration/guide/swtrafc.html#wp1158863

HTH,Please rate if it does.

-amit singh

585
Views
0
Helpful
8
Replies
CreatePlease to create content