Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
789
Views
0
Helpful
2
Replies

Isolation each port in a SG200-26

Samuca
Level 1
Level 1

‎03-30-2018 06:56 PM - edited ‎03-08-2019 02:28 PM

Hi, I have 8 switchs SG200-26.

I have one network (192.168.8.0/22). My gatewate is 192.168.10.1.

Could I configure one VLAN for each port of switch, and port of my gateway could I untagged for response all other ports?

My intension is block all acesses between host, for prevent virus between them.

Labels:
0 Helpful
2 Replies 2

Francesco Molino
VIP Alumni
VIP Alumni

‎03-30-2018 08:47 PM

Hi

I don't have too much experience with SG200 but what you want to do in a simple way is called private vlan (having multiple hosts on the same vlan without being able to communicate each others) but after checking the administration guide, this feature doesn't exist.

There's another method using mac acl and keeping all hosts in the same vlan. The minding is this acl will allow traffic to your provider Mac address interface and deny all others (you will need to allow some other Mac addresses depending on your design). But i don't see anything regarding this on administration guide.
There's also vacl but not in the doc...
Also proxy-arp.... Kind of tricky config with Nat...

What you want to achieve won't work.
Do you have another switch? What's your design to see if we can leverage something else.

You want to filter all hosts communications or group of hosts?
If group of hosts, you can have multiple subnets by splitting your actual one into x subnets where x represents the number of group devices.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎03-30-2018 11:56 PM

Hi, 

This is Small Business switch and its support for up to 256 VLANs simultaneously (out of 4096 VLAN IDs). Again it is VLAN only not a Private VLAN.  You can configure Each VLAN on each port but there is no VLAN routing feature so you have to extend all VLAN toward your gateway. 

This is not recommended to use per port different VLAN and it is not a solution to your issue. It will again make more issues for your network infrastructure such as STP. I recommended to you go with Gateway level antivirus with SSL inspection and choose a good anti ransomware solution for your all systems and configure windows firewall. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card