Is protected ports the solution to my problem?

GrootLives
Level 1

Not sure how to explain this so what I'm asking matches what I think I'm asking.

We have a Catalyst 2960 with one port connected "out there" to the ISP. Or will have; haven't implemented this yet. Just trying to wrap my head around the best way to do this.

The ISP has assigned us a block of IPv4 addresses. The intention is "whatever" will plug into this 2960 acting as an edge device. "Whatever" is responsible for assigning its own static IP from our block of IPs. I want to isolate the traffic so the "whatever" plugged into port x cannot see the traffic from the "whatever" plugged into port y, and vice-versa. Without interfering with traffic flowing to/from the internet to a particular port/IP.

Reading another thread I read something about Protected Ports. Sounds like it would do what I want if I leave the port connecting out to the ISP as promiscuous and set all the rest to protected ports? Or did I completely misunderstand what I was reading?

If someone has a better solution to this I'm all ears.

Accepted Solutions

Francesco Molino
VIP Alumni

Hi

As far as I understood, you want to have some devices in your public IP scope, but none of them must be able to talk to each other, only to the ISP port to go outside?

If yes, you can achieve that in different ways, like ACLs, private VLANs, ...

But the simplest way to do that is using the Private VLAN feature.

Your ISP port will be the promiscuous port and the "whatever" devices will be on isolated ports.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
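
The two options raised in this thread, written out as an added configuration example that is not from either poster: protected ports as the question describes, and a private VLAN with a promiscuous ISP port as the answer suggests. Interface numbers and VLAN IDs 200/201 are placeholders, and option B assumes a switch model and IOS release that supports private VLANs.

```cisco
! Constructed example. Use option A or option B, not both.
!
! --- Option A: protected ports ---
! A protected port does not forward traffic to any other protected
! port on the same switch. The ISP uplink is left unprotected so every
! customer port can still reach it. There is no "promiscuous" role here;
! that term belongs to private VLANs (option B).
interface GigabitEthernet0/1
 description Uplink to ISP (not protected)
 switchport mode access
 switchport access vlan 200
!
interface range GigabitEthernet0/2 - 24
 description Customer-facing ports
 switchport mode access
 switchport access vlan 200
 switchport protected
!
! --- Option B: private VLAN ---
! Private VLANs require VTP transparent mode on these platforms.
vtp mode transparent
!
vlan 201
 private-vlan isolated
!
vlan 200
 private-vlan primary
 private-vlan association 201
!
! ISP uplink: promiscuous, can talk to every port in the primary VLAN.
interface GigabitEthernet0/1
 description Uplink to ISP
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201
!
! Customer ports: isolated hosts, can reach only the promiscuous port.
interface range GigabitEthernet0/2 - 24
 description Customer-facing ports
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
!
! Verify with:
!   show interfaces GigabitEthernet0/2 switchport
!   show vlan private-vlan
```

Protected ports only isolate ports on the same switch, so option A stops covering the requirement once a second switch is trunked in.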

That looks like what I was looking for. I have some reading to do.
