Cisco Support Community

Restricting a port to communicate

I have a 2950 Cisco switch in my office. My requirement is that I want to restrict the system connected to the 2nd port from communicating with all other ports, while communication must take place vice versa, i.e. all ports of the switch must be able to communicate with the 2nd. If anyone has any idea how to do this without creating a VLAN, please give me the information.


Re: Restricting a port to communicate

Without creating a VLAN? Hmmm....

It depends what protocols you are using. What kind of restrictions do you want?

One way you could do this for TCP/IP, if you also have a Cisco router connected to that LAN, is to configure a secondary IP address on the router's LAN interface. Then assign the device on the 2nd switch port an IP address in that secondary IP subnet. Now, all communications between the device on the 2nd switch port and all the other devices on the same VLAN have to go through the router to talk to each other.

An advantage of doing this is, you can use access control lists to restrict what kind of traffic is allowed to pass between the rest of your network and the device on the 2nd switch port. The disadvantage is, performance through the router may be very slow depending on what kind of router you use.

Now, if your switch was a 3550 instead of a 2950, you could route between the two IP subnets if you create a secondary IP address on the switch's VLAN interface and enable IP routing within the 3550. This way you would get full-wire-speed performance.

Hope this helps.
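The secondary-address approach from the reply above, written out as an IOS router configuration. This is an added example, not part of the original thread. The interface name, both subnets, the host address 192.168.2.10 and the ACL name are constructed for illustration.

```cisco
! Router LAN interface attached to the 2950 (interface name is an assumption).
! Primary subnet: every device except the one on switch port 2.
! Secondary subnet: only the device on switch port 2 (192.168.2.10, constructed).
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.2.1 255.255.255.0 secondary
 ! Both subnets arrive on this interface, so one inbound ACL sees
 ! traffic in both directions and must match on the source address.
 ip access-group RESTRICT-PORT2 in
!
ip access-list extended RESTRICT-PORT2
 remark Replies from the restricted host to sessions opened by other hosts
 permit tcp host 192.168.2.10 192.168.1.0 0.0.0.255 established
 permit icmp host 192.168.2.10 192.168.1.0 0.0.0.255 echo-reply
 remark Everything the restricted host tries to initiate toward the LAN
 deny ip host 192.168.2.10 192.168.1.0 0.0.0.255 log
 remark Traffic from the other hosts toward 192.168.2.10 and elsewhere
 permit ip any any
!
! Host settings this relies on:
!   device on port 2 : 192.168.2.10/24, default gateway 192.168.2.1
!   all other devices: 192.168.1.x/24,  default gateway 192.168.1.1
! "established" only matches TCP segments with ACK or RST set, so UDP
! replies from the restricted host are dropped by the deny line.
```

Both subnets still share one VLAN, so this is a layer-3 restriction only: a device on port 2 that is readdressed into 192.168.1.0/24 reaches the other ports directly through the switch and never crosses the ACL. The `log` keyword on the deny entry records blocked attempts from the restricted host.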