port protected

From: Erlend Ringstad (erlendri@xxxxxxxxxxx)
Date: Tue Jun 18 2002 - 05:00:14 GMT-3


   
Greetings.

I'm playing around with the Catalyst 2950/3550 "port protected"
interface command.

My setup:

2 laptops, one 7100 and one Catalyst 2950.

The laptops and the router are in the same VLAN (default VLAN 1).

config:

interface FastEthernet0/1
 description Connected to 7100
!
interface FastEthernet0/2
 description Connected to laptop 1
 port protected
!
interface FastEthernet0/3
 description Connected to laptop 2
 port protected
!

The port protected command will make the port a private VLAN (PVLAN).
In my case that will deny ALL layer 2 (and hence also layer 3) packets
between laptop 1 and laptop 2 (which is what I want to do) even if the
hosts know each other's real MAC address. No communication whatsoever.

Why am I not happy?

These clients are supposed to talk to each other, but they are
supposed to do it through the router.

To do that the router needs some kind of ARP-spoofing/ARP-proxying
mechanism, but not for a different subnet like proxy-arp would help me
with, but the same.

To clarify:

I want to deny L2 communication between laptop 1 and laptop 2 but
I do want them to be able to talk to each other on L3 via the router
connected to the port.

I believe there is some way to make the router send an ARP response
to every request it gets, whether it knows the target or not.

Help me out guys! (and gals;)

Regards,

Erlend Ringstad
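
The situation described in the message above, as an added example that is not part of the original post: a small Python model of a switch where frames are never forwarded between two protected ports, showing why same-subnet ARP fails and what changes if the router answered every ARP request. Host names, IP and MAC addresses are constructed, and the answers_all_arp flag is a hypothetical stand-in for the router behaviour the post asks about, not a Cisco command.

```python
# Constructed model; host names, IPs and MACs are illustrative, not from the post.
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    ip: str
    mac: str
    answers_all_arp: bool = False  # hypothetical router behaviour the post asks about

    def arp_reply(self, target_ip):
        return self.mac if target_ip == self.ip or self.answers_all_arp else None

@dataclass
class Port:
    host: Host
    protected: bool = False

class Switch:
    def __init__(self, ports):
        self.ports = ports

    def deliverable(self, src, dst):
        # Protected-port rule: nothing is forwarded between two protected ports.
        return src is not dst and not (src.protected and dst.protected)

    def arp(self, src, target_ip):
        """Flood an ARP request from src; return the port of the first replier."""
        for p in self.ports:
            if self.deliverable(src, p) and p.host.arp_reply(target_ip):
                return p
        return None

def l3_path(sw, src, dst_ip):
    """Host names a packet from src to dst_ip traverses, or None if unreachable."""
    hop = sw.arp(src, dst_ip)
    if hop is None:
        return None                      # ARP request never answered
    path = [src.host.name, hop.host.name]
    if hop.host.ip != dst_ip:            # replier was the router: it routes onward
        last = sw.arp(hop, dst_ip)
        if last is None:
            return None
        path.append(last.host.name)
    return path

def build(protected, router_answers_all):
    r = Port(Host("router", "10.0.0.1", "00:00:00:00:00:01", router_answers_all))
    a = Port(Host("laptop1", "10.0.0.11", "00:00:00:00:00:11"), protected)
    b = Port(Host("laptop2", "10.0.0.12", "00:00:00:00:00:12"), protected)
    return Switch([r, a, b]), a
```

Calling l3_path on the switch from build(True, False) returns None, matching the "no communication whatsoever" result in the post; build(True, True) yields a path through the router.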


