Cisco Support Community
Community Member

DMZ ports on a switch with private VLANs

We need to take eight ports out of a 3750 switch stack (four ports on two of the members, remaining ports on these members assigned to network devices; three other stack members have ports assigned to servers, printers, desktops, etc.) and assign them to network teams for (soon-to-be) DMZ-based servers. We've looked at doing L2 VLANs, but we'd prefer to keep L3. Other than assigning ACLs, is there a way to dedicate those ports to a DMZ VLAN? Are PVLANs the only other option?

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: DMZ ports on a switch with private VLANs

You'll need to implement 'Private VLANs' to accomplish this. Here are some good links that explain how Private VLANs work and what's needed to configure them:

Securing Networks with Private VLANs and VLAN Access Control Lists

http://www.cisco.com/warp/customer/473/90.shtml

System Requirements to Implement Private VLANs

http://www.cisco.com/warp/customer/473/63.html

2 REPLIES

Community Member

Re: DMZ ports on a switch with private VLANs

Thanks - I was looking for a second opinion and you offered it. Appreciate the links, I'll look through those and compare to our config.
