Re: switchport protected Vs isolated ports

From: Narbik Kocharians (narbikk@gmail.com)
Date: Fri Jul 06 2007 - 12:32:53 ART

• Next message: Con Spathas: "OT: RE: Using MQC nesting for access-control.... - Take 2"
• Previous message: johngibson1541@yahoo.com: "feature nav shows c3640-ik9o3s-mz.124-8a.bin has SNAT, but not"
• Maybe in reply to: Navin MS: "switchport protected Vs isolated ports"
• Next in thread: Navin MS: "Re: switchport protected Vs isolated ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Remember the following when making the decision:

Private-vlans are not available on 3550s.

Private-vlans are available on 3560.

To use private-vlans, the switch must be configured in transparent mode, and
since the current versions of VTP that are supported on 3560s (version 1 and
2) do not propagate private-vlans info, they need to be configured on all
switches involved.

There are other ways to restrict communications between two hosts belonging
to the same VLAN, for example the "switchport protected" or "VACL" can also
do the trick.

On 7/6/07, Antonio Soares <amsoares@netcabo.pt> wrote:
>
> Important to remember: switchport protected AKA as private-vlan light
> feature is only locally significant.
>
> Private-vlans removes the above limitation.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Navin MS
> Sent: sexta-feira, 6 de Julho de 2007 8:55
> To: ccielab@groupstudy.com
> Subject: switchport protected Vs isolated ports
>
> Group,
>
> I have trouble using these 2 commands. Can't really differenciate
> situations
> where one fits more than the other. The idea is to restrict communication
> b/n 2 ports belonging to the same vlan.
>
> 1) which one should i use, considering there is no restriction on creating
> an extra vlan ?
>
> - switchport protected (or)
> - port in isolated vlan
>
> 2) Secondly, if 2 servers on the same vlan but on different switches
> shouldn't talk to each other, then what is the way to go ?
>
> Thnx,
> Naveen.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Narbik Kocharians
CCIE# 12410 (R&S, SP, Security)
CCSI# 30832

• Next message: Con Spathas: "OT: RE: Using MQC nesting for access-control.... - Take 2"
• Previous message: johngibson1541@yahoo.com: "feature nav shows c3640-ik9o3s-mz.124-8a.bin has SNAT, but not"
• Maybe in reply to: Navin MS: "switchport protected Vs isolated ports"
• Next in thread: Navin MS: "Re: switchport protected Vs isolated ports"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:40 ART