Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to set up a multi-vlan port

Hi, I am having problems in setting up a port to join more than 1 vlan using a 2960g router.

Whenever I try to add that one port to another vlan, it disappears from the previous one.

The setup I need requires that a server can visit clients, however each client can only visit the server, communication between clients is forbidden. I created a vlan for each client so that they are separated but I need to add the server port to the client vlan as well.

4 REPLIES

Re: How to set up a multi-vlan port

This would perhaps be possible using the private vlan feature. Unfortunately for you, this is not supported on the 2960:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml#topic1

Regards,

Leo

Hall of Fame Super Blue

Re: How to set up a multi-vlan port

Hi

if you have a layer 3 device you could use access-list to restrict traffic flows between clients and between the clients and the servers.

If you are trying to do this at layer 2 only i think you can still use access-list although you would need to have all your clients and the server in the same vlan.

Attached is layer 2 access-list config guide for 2960 switch

http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a00805a75be.html

HTH

Jon

New Member

Re: How to set up a multi-vlan port

From what I read in the document, I seem to be able to only filter inbound access to the whole network and not per client using my existing hardware.

I may occasionally need to let each client access the internet through the server so I'm not sure if I can do that in addition to denying access

Sorry, if i misunderstood, I'm not really very knowledgeable in networking yet.

Looks like I need to use some other switch for what I require.

Hall of Fame Super Blue

Re: How to set up a multi-vlan port

Hi

Maybe i misunderstood the requirements. I was thinking you could do the following

access-list 101 permit ip host "client ip address" host "server ip address"

access-list 101 deny ip any any

Then apply access-list 101 to the client interface.

eg

interface "interface id"

ip access-group 101 in

This would allow the client to talk to the server but not to anything else with the vlan.

You could create separate access-lists for each client.

For the server you wouldn't need an access-list.

As mentioned before all clients + server would need to be in same vlan.

Does this not do what you want it to do.

HTH

Jon

249
Views
0
Helpful
4
Replies
CreatePlease login to create content