Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Multiple VLAN and a common device

What is the best method for devices on different vlans to share a common device, i.e. a server? Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Multiple VLAN and a common device

This is from CCO.

Configuring Protected Ports

Some applications require that no traffic be forwarded between ports on the same switch so that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these ports on the switch.

Note You can configure protected ports on a physical interface (for example, GigabitEthernet 0/1) or an EtherChannel group (for example, port-channel 5). When you enable protected port for a port channel, it is enabled for all ports in the port channel group.

Protected ports have these features:

•A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Traffic cannot be forwarded between protected ports at Layer 2; all traffic passing between protected ports must be forwarded through a Layer 3 device.

•Forwarding behavior between a protected port and a nonprotected port proceeds as usual.

The default is to have no protected ports defined.

REF LINK: http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008031ff7e.html

HTH,

Sundar

6 REPLIES

Re: Multiple VLAN and a common device

Hi Friend,

If that is only what you want you can have inter vlan routing .

For which you need minimum 3550 switch as layer 3 switch or any external routers.

Have a look at this

http://www.cisco.com/warp/customer/473/50.shtml#801.1Q

HTH, if yes please rate the post.

Ankur

Re: Multiple VLAN and a common device

It would be a good idea to put the server in a separate VLAN from the user VLANs. This will minimize the broadcast/unicast traffic within that vlan and result in better performance. If you had more than one server then you can create a server farm and preferably connect all the servers directly to the core switch. Most Layer3 switches out there could switch packets efficiently using MLS without having to the forward packet up to the RP to make forwarding decisions.

HTH,

Sundar

Community Member

Re: Multiple VLAN and a common device

Thanks for the suggestions. Here is a theory for you, what if the server was attached to a 2950 port (lets say f0/1 with no vlan assigned, so it's on vlan 1) and ports f0/12 and f0/13 were assigned vlan 100 and 101. If f0/1 was configured as an unprotected port (default) and port f0/12&13 were configured as protected ports (switchpport protected) would devices belonging to vlans 100 and 101 communicate with the server?

Re: Multiple VLAN and a common device

F0/12 & 0/13 can communicate with the server only with the help of layer3 device because they are on different VLANs.

A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Traffic cannot be forwarded between protected ports at Layer 2; all traffic passing between protected ports must be forwarded through a Layer 3 device.

--Sundar

Re: Multiple VLAN and a common device

This is from CCO.

Configuring Protected Ports

Some applications require that no traffic be forwarded between ports on the same switch so that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these ports on the switch.

Note You can configure protected ports on a physical interface (for example, GigabitEthernet 0/1) or an EtherChannel group (for example, port-channel 5). When you enable protected port for a port channel, it is enabled for all ports in the port channel group.

Protected ports have these features:

•A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Traffic cannot be forwarded between protected ports at Layer 2; all traffic passing between protected ports must be forwarded through a Layer 3 device.

•Forwarding behavior between a protected port and a nonprotected port proceeds as usual.

The default is to have no protected ports defined.

REF LINK: http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008031ff7e.html

HTH,

Sundar

Re: Multiple VLAN and a common device

Hi Friend,

No they will not.

AFAIK the protected ports and non protected ports should be in same vlan and 2 protected ports which are in same vlan will not talk to each other but will talk to nin protected ports.

AT no case without using layer 3 device vlan can talk to each other.

HTH, if yes please rate the post.

Ankur

290
Views
0
Helpful
6
Replies
CreatePlease to create content