01-30-2008 12:23 PM - edited 03-05-2019 08:49 PM
Hi Gurus,
I want one of the PC in my LAN which should not communicate with any other PC/device of same or different VLAN/Subnet of the LAN. One of the probable solution could be private vlan but the switch is 2950 at which it is sitting, which does not support private vlan. How can i acheive this without moving the PC to my core-layer 4500 series switch?
Thanks and regards,
--gaurav
01-30-2008 12:32 PM
switchport protected
HTH,
__
Edison.
01-30-2008 12:47 PM
Thanks Edison,
But, as the first line of the document says "Use the switchport protected interface configuration command to isolate unicast, multicast, and broadcast traffic at Layer 2 from other protected ports on the same switch.", this switchport will be isolated from other protected ports of the same switch locally. Doesn't that mean that the PC in question will be able to communicate with the device of its vlan but on different switch? Help me understanding it if I'm wrong somewhere?
--gaurav
01-30-2008 12:52 PM
interfaces with protected enabled, won't be able to communicate with other protected enabled interfaces.
protected enabled interfaces are able to communicate to non-protected interfaces.
If I recall correctly, this information isn't carry from switch to switch, for that you need Private Vlans.
__
Edison.
01-30-2008 01:01 PM
But as per "Private VLAN Catalyst Switch Support Matrix" document 2950 switch does not support pvlan-isolated/community vlans. Is there any other way out? I want just one PC to get isolated.
--gaurav
01-30-2008 02:08 PM
The only option you have is with switchport protected, no other choices are provided with the 2950.
__
Edison.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: