Restricting a port to communicate

jijeshk82 · ‎04-11-2004

I have a 2950 cisco switch in my office. The reqirement what I need is I want to restrict the system connected to 2nd port to communicate with all other ports, and the communication must takeplace viceversa,i.e all ports of switch must be able to communicate with the 2nd. If any one is having any idea about it without creating a vlan please give me the information.

konigl · ‎04-12-2004

Without creating a VLAN? Hmmm....

It depends what protocols you are using. What kind of restrictions do you want?

One way you could do this for TCP/IP, if you also have a Cisco router connected to that LAN, is to configure a secondary IP address on the router's LAN interface. Then assign the device on the 2nd switch port an IP address in that secondary IP subnet. Now, all communications between the device on the 2nd switch port and all the other devices on the same VLAN have to go through the router to talk to each other.

An advantage of doing this is, you can use access control lists to restrict what kind of traffic is allowed to pass between the rest of your network and the device on the 2nd switch port. The disadvantage is, performance through the router may be very slow depending on what kind of router you use.

Now, if your switch was a 3550 instead of a 2950, you could route between the two IP subnets if you create a secondary IP address on the switch's VLAN interface and enable IP routing within the 3550. This way you would get full-wire-speed performance.

Hope this helps.