02-04-2013 12:25 PM - edited 03-07-2019 11:30 AM
Got an interesting question from one of our other engineers today that I thought I would run by the community...
The field engineer has a standalone 24-port 2900 series switch that he has different equipment connected to, segmented using VLANs. So for example, he's got ports 1-4 assigned to VLAN 10, 5-12 assigned to VLAN 20, 13-19 assigned to VLAN 30 and 20-24 assigned to VLAN 40. He would like all the gear on VLAN 30 to have the ability to talk to all of the other VLANs, but VLAN 40 should not be allowed to talk with any other VLAN. Trunking would do no good here since the switch isn't connected to anything and you can only assign one VLAN per port.
Is there a way to do this within the standalone switch? The only possible way I could think of would be to ensure that each VLAN has an assigned IP number (subnet) and doing this through access lists. Thoughts, suggestions?
Thank you,
Steve
02-04-2013 01:06 PM
Hi,
Since VLAN 40 should not be talking to any other VLAN, the easiest solution might be not to create an SVI for VLAN 40. So, equipment in VLAN 40 doesn't have a default gateway configured; therefore it will not be able to talk to other VLANs. All other VLANs do.
HTH
02-04-2013 02:59 PM
Would a private-vlan work in this case?
Steve