I am trying to determine whether a switchport can be configured for access to say vlan 10 and vlan 20 but not be a trunk port. I was told that this could be used for configuring security through a new proposed vlan project but... If anyone has any knowledge about configuring vlan security and/or the port issue that would be great! Thanks
Solved! Go to Solution.
You mean, both vlans sent untagged on the port right? Indeed the feature has disappeared. What do you what to achieve exactly? I'm wondering if there could not be a private vlan hack;-)
The other responders are indeed correct. However, you can still do two different vlans on the same access port. The only to accomplish this is to have one vlan for data and the other vlan for voice. Outside of this config, you must use a trunk. Hope this helps.
That's why I was asking if the problem was to be able to send traffic for two vlans untagged on the port;-) Because except the name, there is not much difference between a voice port and a trunk (if the voice vlan is different from the data vlan): 1q tagging will be a tag to differentiate between the two vlans. BTW, trunk vs access is also Cisco terminology afaik. There is no such thing as an access or a trunk ports in IEEE terms;-)
Thanks to everyone for the inputs. Basically, we are trying to use the VLAN's to help implement some security in our network. When we reached the point of who gets access to what we discovered a spider's web. Many people in say the users VLAN need access to the Corp VLAN but not all the users. We can't put them into the corp VLAN because they need access to things that Corp doesn't. And that was just one scenario...
We are a 2-man IT shop and I was trying to find a way to manage the security implementation without having to manage 100's of ACLs. ACLs have never been my strong suit and I was told that multiple VLANs on a port was the way to go, but I was struggling with understanding it.
I could, but at this point with the propsed project I am going from 3 VLANs currently to 12 VLANs and was hoping not to add anymore than what is absolutely necessary.
To add security, you may want to look into Private vlans. You will still need to have more vlans, but you won't need to deal with the ACL's.