Cisco Support Community
Community Member

private Vlan config

I have a question regarding private VLAN config. I have a DMZ switch where I need a particular server to be able to communicate with the rest of the servers on port 8686 and deny all other communication between them. I have this server on a promiscuous port and the other servers on isolated ports. For security reasons, how can I apply this access list, and on which VLAN? I am running IOS on the switch connecting these servers. Thanks for your help.


Re: private Vlan config

an access-list config could look as follows:

access-list 101 permit tcp host x.x.x.x eq 8686 y.y.y.y ys.ys.ys.ys
access-list 101 permit tcp y.y.y.y ys.ys.ys.ys host x.x.x.x eq 8686

apply the access-list to the proper vlan/interface and test.

without knowing your vlans or ip addressing, we will not be able to elaborate on the exact syntax of the access-list or what vlan(s) to apply it to.

let us know if you can and we can help further.

Community Member

Re: private Vlan config

This is the port that the server (the one that needs to talk to all servers) is attached to:

interface GigabitEthernet1/0/18
 description DZ1WEBSD001
 switchport private-vlan host-association 50 51
 switchport mode private-vlan promiscuous
 speed 100
 duplex full
 no mdix auto

The subnet is

Basically it needs to talk to all servers on this subnet on port 8686, and everything else should be denied.
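Putting the reply's two access-list lines together with the posted port config, here is a complete IOS configuration as an added example. It is not from the thread or from Cisco documentation, and the addressing is constructed: DMZ subnet 10.0.50.0/24, DZ1WEBSD001 at 10.0.50.10, primary VLAN 50 (taken from the posted port config) and isolated VLAN 51. Traffic between a promiscuous port and isolated ports stays at layer 2 inside the private VLAN, so a router ACL on the SVI never sees it; the access list is therefore applied as a VLAN access map (VACL). Catalyst documentation recommends applying the same VLAN map to the primary and secondary VLANs, which is what the last line does. Two other points worth noting: a promiscuous port is configured with "switchport private-vlan mapping", while "host-association" belongs on the isolated host ports; and the isolated ports already stop the other servers from talking to each other, so the VACL's real job is to limit what the promiscuous server (and anything else in VLAN 50) can reach.

```ios
! Constructed example, not from the thread. Assumed addressing:
! DMZ subnet 10.0.50.0/24, DZ1WEBSD001 = 10.0.50.10,
! primary VLAN 50 (from the posted port config), isolated VLAN 51.
!
vlan 51
 private-vlan isolated
vlan 50
 private-vlan primary
 private-vlan association 51
!
! Promiscuous port for DZ1WEBSD001. A promiscuous port uses "mapping";
! "host-association" is for isolated/community host ports.
interface GigabitEthernet1/0/18
 description DZ1WEBSD001
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 50 51
!
! One of the other servers, on an isolated host port (repeat per server).
interface GigabitEthernet1/0/19
 description DMZ server on isolated port
 switchport mode private-vlan host
 switchport private-vlan host-association 50 51
!
! The reply's two ACEs with concrete values: DZ1WEBSD001 connects to
! TCP/8686 on the other servers, plus the return traffic. If instead the
! other servers connect to 8686 on DZ1WEBSD001, move "eq 8686" to the
! "host 10.0.50.10" side of both lines.
ip access-list extended DMZ-8686-ALLOWED
 permit tcp host 10.0.50.10 10.0.50.0 0.0.0.255 eq 8686
 permit tcp 10.0.50.0 0.0.0.255 eq 8686 host 10.0.50.10
!
! Everything else between two hosts inside the DMZ subnet.
ip access-list extended DMZ-INTRA-SUBNET
 permit ip 10.0.50.0 0.0.0.255 10.0.50.0 0.0.0.255
!
! VLAN access map: forward the 8686 flows, drop any other IP traffic
! between servers in the subnet, forward the rest (servers <-> default
! gateway, and non-IP frames such as ARP, which an IP match clause does
! not cover).
vlan access-map DMZ-PVLAN 10
 match ip address DMZ-8686-ALLOWED
 action forward
vlan access-map DMZ-PVLAN 20
 match ip address DMZ-INTRA-SUBNET
 action drop
vlan access-map DMZ-PVLAN 30
 action forward
!
! Apply the same map to the primary and the secondary VLAN so the filter
! is enforced whichever VLAN a frame is switched in.
vlan filter DMZ-PVLAN vlan-list 50,51
```

After applying it, "show vlan access-map", "show vlan filter" and "show interfaces GigabitEthernet1/0/18 switchport" confirm the map, the VLANs it is bound to, and that the port really is promiscuous with the expected mapping. Sequence 30 is what keeps the servers reachable from their default gateway and from outside the subnet; if those paths are also supposed to be restricted, replace it with further explicit permits and let the rest fall through to a drop.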

