DComTalk.com

Hello.

Is it possible to have the following configuration on a switch ? (ethernet
only, no IP)

computer 1 on port 1, VLAN 1
computer 2 on port 2, VLAN2

And computer 3, port 3

I'd like computer 3 to be able to talk with computers 1 and 2, but computers
1 and 2 can't see each other. So I put port 3 on VLAN 1 and 2.

For example :
A frame coming from port 1 to port 3, but not on port 2
The answer frame coming from port 3 to port 1 but not on port 2.

A frame coming from port 2 to port 3, but not on port 1
The answer frame coming from port 3 to port 2 but not on port 1.

What do you think of that ?

I bought a 3COM switch (expensive) et that's not possible with it. So I'm
wondering about the ability of doing that, and on which brand (I thought
Cisco could do that).

If not possible with VLANs, maybe MAC address filtering ?

I precise I don't want IP nor 802.1Q.

Thanks for your answers.

"tibo" <bartol_78SPAMSUXXX@yahoo.com> wrote in
news:1132862721.828586774d651f9c87bb20456d9ae933@fe5.teranews.com:

Hello.

Is it possible to have the following configuration on a switch ?
(ethernet only, no IP)

computer 1 on port 1, VLAN 1
computer 2 on port 2, VLAN2

And computer 3, port 3

I'd like computer 3 to be able to talk with computers 1 and 2, but
computers 1 and 2 can't see each other. So I put port 3 on VLAN 1 and
2.

Sounds like you want a switch + firewall combo.

Sonicwall has such a product - it is a 24 port switch with 24 independent
zones. You can configure the zones to forward, filter, block packets as
needed.

http://www.sonicwall.com/products/pro1260.html


--
Stan Kee (spamhoneypot@rogers.com)

"tibo" <bartol_78SPAMSUXXX@yahoo.com> wrote in message
news:1132862721.828586774d651f9c87bb20456d9ae933@fe5.teranews.com...

Hello.

Is it possible to have the following configuration on a switch ? (ethernet
only, no IP)

computer 1 on port 1, VLAN 1
computer 2 on port 2, VLAN2

And computer 3, port 3

I'd like computer 3 to be able to talk with computers 1 and 2, but
computers
1 and 2 can't see each other. So I put port 3 on VLAN 1 and 2.

For example :
A frame coming from port 1 to port 3, but not on port 2
The answer frame coming from port 3 to port 1 but not on port 2.

A frame coming from port 2 to port 3, but not on port 1
The answer frame coming from port 3 to port 2 but not on port 1.

What do you think of that ?

some cisco switches support a feature called private VLANs (PVLANs)
it allows ports in a subnet to only talk to "promiscuous" ports in the same
VLAN.

AFAIR originally invented to help with security when you have a Catalyst
switch with a firewall and multiple machines in a DMZ.
http://www.cisco.com/en/US/tech/tk389/t ... _home.html

which switches support it:
http://www.cisco.com/en/US/products/hw/ ... 4830.shtml

looks like the minimum device is a Catalyst 3560

I bought a 3COM switch (expensive) et that's not possible with it. So I'm
wondering about the ability of doing that, and on which brand (I thought
Cisco could do that).

if you think 3Com is expensive, you have a shock coming :)

If not possible with VLANs, maybe MAC address filtering ?

No - only limits what can connect to the port, not what can tlak through it.

I precise I don't want IP nor 802.1Q.

Thanks for your answers.
--

Regards

stephen_hope@xyzworld.com - replace xyz with ntl

To do what you suggest below with a standard 802.1Q switch
you would need to either:

- Have port 3 be tagged (and computer 3 send/receive tagged
frames); or
- Enable the 3com switch to do "shared" VLAN learning. Have
"vlan 3" be the PVID for the port 3 and make it a member of
vlan 1 and vlan 2. Also have ports 1 and 2 be members of
vlan 3, with PVID of vlan 1 and vlan 2 respectively.

Anoop

tibo wrote:

Hello.

Is it possible to have the following configuration on a switch ? (ethernet
only, no IP)

computer 1 on port 1, VLAN 1
computer 2 on port 2, VLAN2

And computer 3, port 3

I'd like computer 3 to be able to talk with computers 1 and 2, but computers
1 and 2 can't see each other. So I put port 3 on VLAN 1 and 2.

For example :
A frame coming from port 1 to port 3, but not on port 2
The answer frame coming from port 3 to port 1 but not on port 2.

A frame coming from port 2 to port 3, but not on port 1
The answer frame coming from port 3 to port 2 but not on port 1.

What do you think of that ?

I bought a 3COM switch (expensive) et that's not possible with it. So I'm
wondering about the ability of doing that, and on which brand (I thought
Cisco could do that).

If not possible with VLANs, maybe MAC address filtering ?

I precise I don't want IP nor 802.1Q.

Thanks for your answers.