cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
652
Views
0
Helpful
5
Replies

protected port - which models is it available on

ASGR
Level 1
Level 1

Hey Guys,

I'm interested in the CBS250-48T-4G switch but I require protected ports...

Does this model support protected ports? Product details didn't specifically state that it does...

If not, which ones do?

Thanks.

1 Accepted Solution

Accepted Solutions

I do not think the CBS250-48T supports what cisco calls "private vlan",
were a port can only communicate with an uplink port and not between ports
->  It seems that only the cbs350 can do this (private vlans) ,
      in the datasheet , where it was mentioned for the 350 but not for  the 250

you can isolate traffic using VLAN's
-> create separate vlan's  for
- voice,
- surveillance camera's+storage
- normal workstations

there is no communication between vlan's unless you add and configure a router for this

 

View solution in original post

5 Replies 5

pieterh
VIP
VIP

>>> but I require protected ports <<<
this is not clear what you mean

do you mean you need DOT1x authentication or port-security on the ports ?

ASGR
Level 1
Level 1

Hi Pieterh,

 

I'm not sure sure what the Cisco terminology is but I would like to isolate the

clients on a LAN. This is the definition from Netaget (C)...

 

"Ensure no exchange of unicast, broadcast, or multicast traffic between the
protected ports on the switch, therefore, improve the security of your con-
verged network where your sensitive phone conversation can stay private
and your surveillance video clips can be forwarded to their designated
storage device without leakage or alteration"

Hope this is more clear.

Thanks.

 

I do not think the CBS250-48T supports what cisco calls "private vlan",
were a port can only communicate with an uplink port and not between ports
->  It seems that only the cbs350 can do this (private vlans) ,
      in the datasheet , where it was mentioned for the 350 but not for  the 250

you can isolate traffic using VLAN's
-> create separate vlan's  for
- voice,
- surveillance camera's+storage
- normal workstations

there is no communication between vlan's unless you add and configure a router for this

 

ASGR
Level 1
Level 1

Thanks Pieterh,

That sounds correct, PVLAN's.

I do need PVLAN's to eliminate client cross contamination.

I'll look into the 350 models.

KJK99
Level 3
Level 3

@ASGR 

You may like to get into the details of private VLANs to make sure that they are right for you.

In private VLANs, devices connected to isolated ports can interface only with devices connected to promiscuous ports. In my view, to say that they “communicate with an uplink port” can be correct only if there is a router connected to a promiscuous port. I haven’t tried that, yet.

I have private VLANs where surveillance cameras are connected to isolated ports and can interface only with a NVR connected to a promiscuous port. Those private VLANs span across two switches connected with a trunk. It is the trunk that has an uplink port. That uplink port is not promiscuous. It doesn't really communicate with the isolated ports, but just pass data to the other switch. So, I have promiscuous and uplink ports and they are not one and the same.

Kris K
Review Cisco Networking for a $25 gift card