Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

2 switches - how to turn on port isolation (bridge) ?


My situation: I have 2 switches - SRW224G4 and SRW248G4. One of them is located on 1st floor, one of them is on the 2nd floor. Both are a part of the same network.

I need to connect a device (a wireless access point) to 1 port on the switch on 1st floor. Also, I need to connect a router to the switch on 2nd floor. Is it possible to isolate the two ports on each switch so that they (both the wireless AP and the router) act as if they were connected by a simple cable? Basically, I want the switches to act almost like simple patchpanels.

I have tried to use VLAN etc., but without any success. Any suggestions?

Thanks in advance.

Everyone's tags (4)

Re: 2 switches - how to turn on port isolation (bridge) ?

Hello and good evening,

If you are trying to make the switches in between completely transparent, then this can be done via dot1q-tunneling.  This is also called QinQ, and sometimes known as double tagging.  This is supported on the Cisco Catalyst 3560s and above.

This is a very effective way to join remote devices, and cause these devices to believe they are directly connected. This really hides everything in between ... a nice way to 'tunnel' remote devices through another L2 network.

As you can imagine, this is more common in the enterprise or service provider networks.  This may also be a bit more expensive than what you are looking for.

Can I assume that your router has multiple interfaces or can it support trunking via subinterfaces as well?  If so, then having multiple VLANs would allow you to separate the other devices and other network from these two.

The router can have one interface within the 1st and primary VLAN, and the second interface with the secondary / AP VLAN.

If you do not mind saying so, what is the goal of this design?

(thinking out loud here ...)

In my head I imagine you are thinking security for the wireless network this a guest network and have you considered guest access control via a controller or putting in a DMZ?   A couple of other options might be available, however it would be required to know the goal for your design.

Kindest regards and have a great night,

Andrew Lee Lissitz

CreatePlease to create content