Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Can a device be member in multiple VLANs?

I recently bought a Cisco SG300 switch in order to separate Windows clients in my home network. Ideally, all clients remain in the same IP-subnet but I want each one to be in a separate VLAN. Yet each client should have access to shared devices like printer, NAS. Is it possible to have those shared devices in multiple VLANs?

I know that I can make the switch a layer-3 switch, put the shared devices in its own VLAN, and add routing to achieve the same objective, but I'm afraid that this does not work with media (DLNA) clients that broadcast to discover the media (DLNA) server.

5 REPLIES
New Member

I just learned the concept I

I just learned the concept I want to use is that of a private VLAN (http://en.wikipedia.org/wiki/Private_VLAN). The SG300 most probably does not support this.

Cisco Employee

Hi Molfa2014,It actually does

Hi Molfa2014,

It actually does since 1.4 release. Please take a look on the latest admin guide:

http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/Cisco_300Sx_v1_4_AG.pdf

Regards,

Aleksandra

 

New Member

Indeed, that's a pleasure to

Indeed, that's a pleasure to read. Thanks for your help.

New Member

I got another question

I got another question regarding the above private VLAN setup? I want to use 802.1X network access control. If I understand correctly - and I'm just learning this stuff from the ground up, so bear with me - I can authenticate the shared devices (printer, NAS) via

- Radius MAC-based authentication (switch port authentication mode: 802.1x Authentication)

- direct MAC-based authentication mode on the port

Is there any drawback/advantage with either one?

Cisco Employee

Hi Molfa,It all depends what

Hi Molfa,

It all depends what do you need on your network. However if you would like to play around than try to set up private vlan concept using PVID, tag and untagged VLAN and port in general mode. Those settings give a great opportunity to create network as you wish.

For port authentication I believe Radius authentication it is a greater enhancement since you might you DVA (Dynamic VLAN Assignment) and some other attributes which can be sent from the server as a configuration parameters. Imagine user which is moving between the ports even switches and after successful authentication gets always assigned to the same VLAN :-)

I hope this encourages you.

Aleksandra

289
Views
0
Helpful
5
Replies
CreatePlease to create content