tibo (Guest)
Posted: Fri Nov 25, 2005 2:05 am
Post subject: An interface on many VLANs

Hello.
Is it possible to have the following configuration on a switch ? (ethernet
only, no IP)
computer 1 on port 1, VLAN 1
computer 2 on port 2, VLAN2
And computer 3, port 3
I'd like computer 3 to be able to talk with computers 1 and 2, but computers
1 and 2 can't see each other. So I put port 3 on VLAN 1 and 2.
For example :
A frame coming from port 1 to port 3, but not on port 2
The answer frame coming from port 3 to port 1 but not on port 2.
A frame coming from port 2 to port 3, but not on port 1
The answer frame coming from port 3 to port 2 but not on port 1.
What do you think of that ?
I bought a 3COM switch (expensive) and that's not possible with it. So I'm
wondering about the ability of doing that, and on which brand (I thought
Cisco could do that).
If not possible with VLANs, maybe MAC address filtering ?
To be clear, I don't want IP or 802.1Q.
Thanks for your answers.

Spam Catcher (Guest)
Posted: Fri Nov 25, 2005 3:05 am
Post subject: Re: An interface on many VLANs

"tibo" <bartol_78SPAMSUXXX@yahoo.com> wrote in
news:1132862721.828586774d651f9c87bb20456d9ae933@fe5.teranews.com:
> Hello.
> Is it possible to have the following configuration on a switch ?
> (ethernet only, no IP)
> computer 1 on port 1, VLAN 1
> computer 2 on port 2, VLAN2
> And computer 3, port 3
> I'd like computer 3 to be able to talk with computers 1 and 2, but
> computers 1 and 2 can't see each other. So I put port 3 on VLAN 1 and
> 2.

Sounds like you want a switch + firewall combo.
Sonicwall has such a product - it is a 24 port switch with 24 independent
zones. You can configure the zones to forward, filter, block packets as
needed.
http://www.sonicwall.com/products/pro1260.html
--
Stan Kee (spamhoneypot@rogers.com)

stephen (Guest)
Posted: Fri Nov 25, 2005 4:36 am
Post subject: Re: An interface on many VLANs

"tibo" <bartol_78SPAMSUXXX@yahoo.com> wrote in message
news:1132862721.828586774d651f9c87bb20456d9ae933@fe5.teranews.com...
> Hello.
> Is it possible to have the following configuration on a switch ? (ethernet
> only, no IP)
> computer 1 on port 1, VLAN 1
> computer 2 on port 2, VLAN2
> And computer 3, port 3
> I'd like computer 3 to be able to talk with computers 1 and 2, but
> computers 1 and 2 can't see each other. So I put port 3 on VLAN 1 and 2.
> For example :
> A frame coming from port 1 to port 3, but not on port 2
> The answer frame coming from port 3 to port 1 but not on port 2.
> A frame coming from port 2 to port 3, but not on port 1
> The answer frame coming from port 3 to port 2 but not on port 1.
> What do you think of that ?

Some Cisco switches support a feature called private VLANs (PVLANs).
It allows ports in a subnet to only talk to "promiscuous" ports in the same
VLAN.
AFAIR originally invented to help with security when you have a Catalyst
switch with a firewall and multiple machines in a DMZ.
http://www.cisco.com/en/US/tech/tk389/tk814/tk840/tsd_technology_support_sub-protocol_home.html
Which switches support it:
http://www.cisco.com/en/US/products/hw/switches/ps4324/products_tech_note09186a0080094830.shtml
Looks like the minimum device is a Catalyst 3560.

> I bought a 3COM switch (expensive) and that's not possible with it. So I'm
> wondering about the ability of doing that, and on which brand (I thought
> Cisco could do that).

If you think 3Com is expensive, you have a shock coming :)

> If not possible with VLANs, maybe MAC address filtering ?

No - only limits what can connect to the port, not what can talk through it.

> To be clear, I don't want IP or 802.1Q.
> Thanks for your answers.

--
Regards
stephen_hope@xyzworld.com - replace xyz with ntl

anoop (Guest)
Posted: Sun Nov 27, 2005 5:20 pm
Post subject: Re: An interface on many VLANs

To do what you suggest below with a standard 802.1Q switch
you would need to either:
- Have port 3 be tagged (and computer 3 send/receive tagged
frames); or
- Enable the 3com switch to do "shared" VLAN learning. Have
"vlan 3" be the PVID for the port 3 and make it a member of
vlan 1 and vlan 2. Also have ports 1 and 2 be members of
vlan 3, with PVID of vlan 1 and vlan 2 respectively.
Anoop
tibo wrote:
> Hello.
> Is it possible to have the following configuration on a switch ? (ethernet
> only, no IP)
> computer 1 on port 1, VLAN 1
> computer 2 on port 2, VLAN2
> And computer 3, port 3
> I'd like computer 3 to be able to talk with computers 1 and 2, but computers
> 1 and 2 can't see each other. So I put port 3 on VLAN 1 and 2.
> For example :
> A frame coming from port 1 to port 3, but not on port 2
> The answer frame coming from port 3 to port 1 but not on port 2.
> A frame coming from port 2 to port 3, but not on port 1
> The answer frame coming from port 3 to port 2 but not on port 1.
> What do you think of that ?
> I bought a 3COM switch (expensive) and that's not possible with it. So I'm
> wondering about the ability of doing that, and on which brand (I thought
> Cisco could do that).
> If not possible with VLANs, maybe MAC address filtering ?
> To be clear, I don't want IP or 802.1Q.
> Thanks for your answers.
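
The second option in the post above (untagged ports, PVID 3 on port 3, overlapping memberships) can be checked with a small model. This is an added example, not part of the original thread: a Python simulation of an 802.1Q bridge using the PVID and membership settings listed in that post, run once with shared and once with independent VLAN learning. The `Switch` class, the `exchange` helper and the MAC names `PC1` to `PC3` are assumptions made for illustration.

```python
# Added illustration: model of an 802.1Q bridge whose ports are all untagged.
# Port and VLAN numbers follow the post; the MAC names are constructed.
PVID = {1: 1, 2: 2, 3: 3}                       # VLAN assigned to frames on ingress
MEMBERS = {1: {1, 3}, 2: {2, 3}, 3: {1, 2, 3}}  # egress ports of each VLAN


class Switch:
    def __init__(self, shared_learning):
        self.shared = shared_learning
        self.fdb = {}  # forwarding database: key -> port

    def _key(self, vlan, mac):
        # Shared learning keeps one table for all VLANs, independent one per VLAN.
        return mac if self.shared else (vlan, mac)

    def receive(self, in_port, src, dst):
        """Return the set of ports the frame leaves on."""
        vlan = PVID[in_port]
        self.fdb[self._key(vlan, src)] = in_port   # learn the source address
        allowed = MEMBERS[vlan] - {in_port}
        out = self.fdb.get(self._key(vlan, dst))
        if out is None:
            return allowed          # unknown destination: flood the VLAN
        return {out} & allowed      # known: forward only to a member port


def exchange(shared_learning):
    """Replay the frames from the original question, in order."""
    sw = Switch(shared_learning)
    return {
        "pc1_to_pc3": sw.receive(1, "PC1", "PC3"),
        "pc3_reply_to_pc1": sw.receive(3, "PC3", "PC1"),
        "pc2_to_pc3": sw.receive(2, "PC2", "PC3"),
        "pc3_reply_to_pc2": sw.receive(3, "PC3", "PC2"),
        "pc1_to_pc2": sw.receive(1, "PC1", "PC2"),
    }


if __name__ == "__main__":
    for mode in (True, False):
        print("shared" if mode else "independent", exchange(mode))
```

With independent learning the replies from port 3 are flooded to both port 1 and port 2, because the addresses of computers 1 and 2 were learned in VLAN 1 and VLAN 2 but are looked up in VLAN 3. In both modes a frame from port 1 addressed to computer 2 never leaves on port 2.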