
SF 300 Voice and data VLAN Configuration on port

interface fastethernet4
 storm-control broadcast level 10
 port security max 10
 port security mode max-addresses
 port security discard trap 60
 spanning-tree portfast
 spanning-tree bpduguard enable
 macro description ip_phone_desktop
 switchport trunk allowed vlan add 400
 switchport trunk native vlan 10
 !next command is internal.
 macro auto smartport dynamic_type ip_phone_desktop
 
WE NEED TO ADD THE BOLD COMMANDS; ALL OTHERS ARE DEFAULT.

We have to configure only these two to allow both data and voice VLANs:
 switchport trunk allowed vlan add 400
 switchport trunk native vlan 10

In some post I saw there is a command voice vlan-id <vlan-id>, but in my case this does not work. I don't know why, but my above solution is 100% working.
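An added example, not part of the original post: a Python check that reads an interface stanza like the one above and reports which VLAN the port carries untagged (the trunk native VLAN), which it carries tagged, and whether the hardening lines are present. The sample stanza is the post's own with the macro lines omitted; the function names and the choice of which lines count as hardening are assumptions made for this example.

```python
import re

# The interface stanza from the post above (macro lines omitted), as sample input.
SAMPLE_CONFIG = """\
interface fastethernet4
 storm-control broadcast level 10
 port security max 10
 port security mode max-addresses
 port security discard trap 60
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport trunk allowed vlan add 400
 switchport trunk native vlan 10
"""
# Hardening lines the audit expects (a choice made for this example).
HARDENING = {
    "storm-control": r"storm-control broadcast level \d+$",
    "port-security": r"port security max \d+$",
    "bpduguard": r"spanning-tree bpduguard enable$",
}

def parse_interfaces(text):
    """Return {interface name: [stanza lines]} from running-config text."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif current is not None and raw[:1].isspace() and line:
            current.append(line)
        elif line:
            current = None  # an unindented line ends the stanza
    return ports

def audit_port(lines):
    """Report the VLANs a trunk port carries and any absent hardening lines."""
    native, tagged = None, set()
    for line in lines:
        if m := re.match(r"switchport trunk native vlan (\d+)$", line):
            native = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan add ([\d,-]+)$", line):
            for part in m.group(1).split(","):  # "400" or "400-410"
                lo, _, hi = part.partition("-")
                tagged.update(range(int(lo), int(hi or lo) + 1))
    missing = [name for name, pat in HARDENING.items()
               if not any(re.match(pat, l) for l in lines)]
    return {"untagged": native, "tagged": sorted(tagged - {native}), "missing": missing}
```

Running `audit_port` over every stanza returned by `parse_interfaces` gives a quick list of phone-and-desktop ports where the voice VLAN is tagged but port security, BPDU guard or storm control is absent.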

dhanushka_
Level 1

This is really helpful, thanks for the information.

 

Here are the rules for VLANs:

When you set the switch port interface to access mode, a switch port can be only a member of one untagged VLAN.

When you set the switch port interface to trunk mode, a switch port can be a member of only one untagged VLAN but also a member of many tagged VLANs.

But what you seem to be trying to achieve is to use ports 1-7 as unprotected or open ports for ports 8-24 within the switch.

Really seems like something called Private VLAN Edge (PVE), whereby protected ports will only forward packets to unprotected ports and not other protected ports.

Here is the definition found in the help text from within the switch.

  • Protected Port—Select to make this a protected port. (A protected port is also referred as a Private VLAN Edge (PVE).) The features of a protected port are as follows:
    • Protected Ports provide Layer 2 isolation between interfaces (Ethernet ports and Link Aggregation Groups (LAGs)) that share the same Broadcast domain (VLAN).
    • Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.
    • Port protection is not subject to VLAN membership. Devices connected to protected ports are not allowed to communicate with each other, even if they are members of the same VLAN.
  • Both ports and LAGs can be defined as protected or unprotected. Protected LAGs are described in the Configuring Link Aggregation section.

  • So my steps were
    • So I am wondering if you really need to configure a lot of VLANs.
    • Make ports 8-24 protected ports
    • Save the configuration

Clicked to tick the option to protect switch port 8.

That's what we end up with: port 8 is now protected.

Now let's copy the settings from port 8 to ports 9-24, see the circled area below.

Now fill in the ports you also wish to protect.

Now ports 8-24 are protected ports.

Hosts on these ports will only be able to communicate with hosts on ports 1-7 or switch port 24 onwards, in the case of my switch.

Make sure you save your configuration.
