Re: 2811 router problem

cag102 · ‎08-17-2006

ok.. I am trying to consolidating my 2621 router and my 2950 switch into a 2811 router w/16port/1gig ethernet module. My problems is i can not find a way to protect each fa1/0-15 port on this module from each other and still be able to route out fa0/0 -1 ports. My 2950 had port protection. I would greatly appreciate any help here... I have attached my config file...

Thanks

mihanlin · ‎08-17-2006

Hi Craig,

I'm guessing what you are trying to configure is commonly called private Vlans.

To configure your private or protected port, under interface configuration mode type:

switchport mode private-vlan host

The routed vlan port is called a "promiscuous" port, and can be configured by:

switchport mode private-vlan promiscuous

Let me know if this works under your configuration.

Hope this helps,

Michael

m-haddad · ‎08-18-2006

Creat different VLANs in the vlan database. THen creat the virtual interfaces for the VLANs. Once done assign the ports to the vlan you want.

If you want to have one vlan and all hosts having one default gateway however, the hosts do not communicate to each others you need to configure private vlans as previously noted.

Let me know if this helps,

m-haddad · ‎08-18-2006

One more think apply ACLs on the Vlan interfaces to deny packets from one vlan to the other because the router will do inter-valn routing!

Regards,