Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Configuring DMZs on Cisco 2950

I liked to find out if there is any other way to configure DMZ on a Cisco 2950. What I normally do is to create a VLAN for DMZ.

3 REPLIES

Re: Configuring DMZs on Cisco 2950

You could use protected ports also.

Protected ports on the same switch will not be able to communicate with each other. Protected ports can communicate with all other unprotected ports on the switch.

Example would be a colo facility and each customers box would be on a protected port in same VLAN and only one unprotected port in VLAN going to router, etc. This way they can have several customers on the same IP subnet (VLAN) and traffic doesn't go between the ports.

Community Member

Re: Configuring DMZs on Cisco 2950

do you think you could provide me with a sample configuration for using protected ports?Much appreciated.

Re: Configuring DMZs on Cisco 2950

interface FastEthernet0/1

! This marks the port as a private VLAN edge port.

switchport protected

interface FastEthernet0/2

switchport protected

interface FastEthernet0/3

switchport protected

Protected ports do not forward any traffic to protected ports on the same switch. This means that all traffic passing between protected ports—unicast, broadcast, and multicast—must be forwarded through a Layer 3 device.

.

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a008007e8d6.html#xtocid8

105
Views
0
Helpful
3
Replies
CreatePlease to create content