How to block traffic from one port to another within the same VLAN?

pinkheart
Level 1

Hello,

I have a Cisco 3550 switch with SMI software. In one of the VLANs there are 3 1300 APs, each one connected to a port. I want to block communication between clients except with the server.

I have blocked the communication between clients on the same AP, but a client on AP1 can still connect to clients on AP2 and AP3 and vice versa.

So I want to block that communication from the 3550 switch, so no client can connect to another one, only to the 3 servers (each AP and server has a separate port).

Note: all the APs and the servers are in the same VLAN, and there are 3 VLANs in the switch.

Please help.

Thanks in advance

1 Accepted Solution


mesuti
Level 1

You can use access lists to do that (MAC or IP).

But the ideal solution for this would be to configure Private VLANs within your VLAN, and configure the clients as "isolated ports" and the servers as "promiscuous ports".

Isolated ports are allowed to communicate only with promiscuous ports and with no other host, even if they are in the same VLAN. There are also "community ports", which can communicate with promiscuous hosts and with hosts in the same community, but I don't see any use for them in your case.

Best Regards

Mesut Abdurrahmani
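An added example, not part of the thread: the private VLAN layout Mesut describes, as Cisco IOS configuration, followed by the protected-port form that a 3550 SMI image supports instead of full private VLANs. The primary VLAN 100, isolated VLAN 101 and the interface numbers are assumptions.

```cisco
! Added example, not from the thread. VLAN 100/101 and port numbers are assumed.
! Private VLANs require VTP transparent mode (VTP v1/v2).
vtp mode transparent
!
vlan 101
 private-vlan isolated
vlan 100
 private-vlan primary
 private-vlan association 101
!
! AP-facing ports: isolated hosts, they can only reach promiscuous ports,
! so a client behind AP1 cannot talk to a client behind AP2 or AP3.
interface range FastEthernet0/1 - 3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Server ports: promiscuous, they reach every secondary VLAN mapped here.
interface range FastEthernet0/10 - 12
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Verification: the isolated ports should appear only in VLAN 101 and the
! servers in the promiscuous mapping.
!   show vlan private-vlan
!   show interfaces FastEthernet0/1 switchport
!
! Protected-port alternative for a switch without full private VLANs
! (for example a 3550 SMI image): protected ports on the same switch
! cannot forward to each other; unprotected ports (the servers) reach all.
interface range FastEthernet0/1 - 3
 switchport protected
```

Protected ports only isolate traffic within a single switch; if the APs are spread over several switches, the full private VLAN form is needed.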


3 Replies

Hi, there are several ways to do it since you have a Layer 3 switch:

1. Place each client on its own VLAN and the server port on all VLANs (inter-VLAN routing).

2. Simpler: access lists will do wonders for you.

From my personal and humble experience, I do not like to change VLANs on the switches, as it sometimes has consequences for other departments of the company that I did not bother to check before... but it is a more elegant solution that will give you more possibilities later on.

Good luck!

Jef
