Cisco Catalyst 2960 Config Help ..Port Access

pduleski · ‎06-22-2007

I'm looking for a way to do the following. One Ip Segment for devices on this switch 172.16.2.x /24

Port 1 can see all 48 ports

Port 2 Can see Port 1, 3,4,5

Port 3 Can see Port 1 only

Port 4 Can See Port 1, 2, and 6

Etc. Etc. This switch is our Router Switch with many vendors connect in using the 172.16.2.x /24 address and we need a way to block them from seeing certain devices connected to this switch.

ohassairi · ‎06-22-2007

if you know the IP addresses of computers connected to each physical port, you can use access-lists

http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a008081d90a.html

vinayrajkp · ‎06-22-2007

If you want to isolate at Layer 2 then you can consider private vlan. But the combination mentioned by you might be a bit difficult. But study private vlan and see how you can use it for your requirement.

mohammedmahmoud · ‎06-22-2007

Hi,

Since your switch is a layer 2 switch, thus the only way to achieve this is via Private VLAN, but unfortunately your switch doesn't support Private VLAN, and thus your only solution is to do inter-VLAN routing on a router, and then use ACL on the router to filter on layer 3 basis (plus using PVLAN edge (protected port)if you require 2 ports on the same VLAN not to communicate in the layer 2 - which is the only PVLAN option supported on your switch).

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml

HTH, please do rate all helpful replies,

Mohammed Mahmoud.