Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to set Vlan sf300-24

I want to create 9 Vlan

Vlan1=port2 with port G1 only

Vlan2=port3 with port G1 only

Vlan3=port4 with port G1 only



Vlan7=port8 with port G1 only

Vlan8=port9 with port G1 only

Port G1 connect to server (DHCP, hotspot, Internet)

Port 2-7 connect to linksys 54gl (Access point)

Port 8-9 connect to PC

I use in Apartment.

How to set this policy?

Thank you very much


Why not try Private VLAN Edge (PVE ) which was designed for Multi dwelling Units (MDU) or Hospitality applications.

A protected port is also referred as a Private VLAN Edge (PVE).

The features of a protected port are as follows:

Protected Ports provide Layer 2 isolation between interfaces  that share the same VLAN.

Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.

Devices connected to protected ports are not allowed to communicate with each other, even if they are members of the same VLAN.

In your case you should protect ports 2,3,4,8 and 9.  This will stop these ports from 'talking' to eachother


Then  I copied the settings to all ports except the port that is my uplink In my case G10.

As the manual says , when you protect a port the only place that these ports can talk to is a unprotected port.

So the unprotected port becomes my uplink.  I can have a few unprotected ports on my switch, no problem, it just means that unprotected ports can communicate between eachother, if they are on the same vlan.


I am left with the following configuration, G10 being unprotected and G1 to G9  being protected.  This forces G1 to G9 to be allowed to only communicate with the unprotected port.


Give it a try, your switch will have ports 2,3,4,8 and 9 being protected.

regards Dave