Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Any way to isolate port per vlan?

Is there anyway, on a switch, to allow only traffic from one port to another on one vlan and block the communication between each other on another vlan?

For example, if port f1/0/1 and f1/0/2 both allow vlan 1 (native) and 2, is there anyway to allow device on port f1/0/1 to talk to device on f1/0/2 on vlan 1 but not on vlan 2?


New Member

Re: Any way to isolate port per vlan?

Have a look at the following artical in regards to private vlans, i think it's what your after.

New Member

Re: Any way to isolate port per vlan?

Thank you for your reply, exonetinf1nity. Private vlan won't be the solution because it's for access links where one interface can only belong to one vlan.

In my case interfaces are trunk ports. They are connected to IP phones. They have one vlan for voice and another native vlan for data. Now I want only voice VLAN be able to talk among interfaces while the data VLAN can only talk to the uplink port to the gateway router. Is that possible? Thanks!

Hall of Fame Super Silver

Re: Any way to isolate port per vlan?

Hello Difan,

to be noted that you don't need to configure the ports to be trunk to support a voice vlan and a data vlan


switchport mode access

switchport access vlan 111

switchport voice vlan 20

so you should be able to use private vlans on the data access vlans you should be able to use secondary isolated vlans (isolated secondary do exactly what you need thay just talk to the default GW/primary vlan)

Hope to help


CreatePlease login to create content