Blocking any traffic between two switchports

From: Navin MS (navin_ms07@yahoo.com)
Date: Sun Apr 08 2007 - 20:21:42 ART

• Next message: Hossam Abbas: "ospf Neighbors Stuck in Two-Way State"
• Previous message: Darby Weaver: "Re: Internetwork expert question"
• Next in thread: Scott Morris: "RE: Blocking any traffic between two switchports"
• Maybe reply: Scott Morris: "RE: Blocking any traffic between two switchports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello GS,

Have a question asking "not to allow ANY traffic b/n two workstations which are connected two
ports on VLAN 30 but should freely communicate with the rest of the network". What is the correct
approach ?

Should I use "switchport protected" or use the Private VLAN concept as below ?

vlan 30
  private-vlan primary
  private-vlan association 33
!
vlan 33
  private-vlan isolated
!
interface FastEthernet0/10
 switchport private-vlan host-association 30 33
 switchport mode private-vlan host
!
interface FastEthernet0/11
 switchport private-vlan host-association 30 33
 switchport mode private-vlan host
!

Now, all ports in secondary Isolated VLAN (vlan 33) are isolated from each other. But the
confusion is which is best solution and is there something that suggests one is more favored than
the other ?

Does either of them stops all L2 and L3 traffic from and to each other ?

TIA,
Naveen.

• Next message: Hossam Abbas: "ospf Neighbors Stuck in Two-Way State"
• Previous message: Darby Weaver: "Re: Internetwork expert question"
• Next in thread: Scott Morris: "RE: Blocking any traffic between two switchports"
• Maybe reply: Scott Morris: "RE: Blocking any traffic between two switchports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART