Hang internal network traffic on Cisco Catalyst C2924-XL.

Discussion in 'Cisco' started by Fabrizio, Sep 13, 2006.

  1. Fabrizio

    Fabrizio Guest

    Hi there, I'm a newbie on Cisco switches and routers.
    My question is: is there a way to temporarily block all internal traffic
    on Cisco 2924 without resetting Ethernet ports?
    Alternatively, may I create some kind of access list to block UDP
    traffic?

    thanks in advance
    bye, fabrizio
     
    Fabrizio, Sep 13, 2006
    #1

  2. In article <>,
    Fabrizio <> wrote:
    >Hi there, I'm a newbie on Cisco switches and routers.
    >My question is: is there a way to temporarily block all internal traffic
    >on Cisco 2924 without resetting Ethernet ports?


    Well, if you don't want to disable the port, you could always force
    it to trunk mode with a unique PVID enabled on it that differed
    from the native PVID for it ;-)


    >Alternatively, may I create some kind of access list to block UDP
    >traffic?


    Sorry, 2924's are before my time.
     
    Walter Roberson, Sep 13, 2006
    #2

  3. "Fabrizio" <> writes:
    >My question is: is there a way to temporarily block all internal traffic
    >on Cisco 2924 without resetting Ethernet ports?


    No, turning off the port is about the only way, or to make it block
    some other way, such as putting it into trunk mode or something.

    >Alternatively, may I create some kind of access list to block UDP
    >traffic?


    Not on a 2924XL. It's a pretty barebones basic Layer-2 switch.
     
    Doug McIntyre, Sep 14, 2006
    #3
  4. Fabrizio

    Fabrizio Guest

    Hi Walter, may you explain better?

    > Well, if you don't want to disable the port, you could always force
    > it to trunk mode with a unique PVID enabled on it that differed
    > from the native PVID for it ;-)


    tnx, fabrizio
     
    Fabrizio, Sep 14, 2006
    #4
  5. In article <>,
    Fabrizio <> wrote:
    >Hi Walter, may you explain better?


    >> Well, if you don't want to disable the port, you could always force
    >> it to trunk mode with a unique PVID enabled on it that differed
    >> from the native PVID for it ;-)


    A port which is configured as a trunk will only pass traffic for
    the VLANs (Virtual LANs) that have been specified to pass over it.
    Each VLAN is identified by a number, known as the PVID (Private VLAN
    ID or something like that.)

    If you configure a port as a trunk and you set it up so that the only
    PVID attached to it (allowed to pass over it) is one that is
    used for nothing else at all, then there will be no data packets sent
    to the port. (You might still get link management packets sent to
    the port, such as BPDU or CDP).

    The bit about "native PVID" is that each 802.1Q trunk port must have
    a PVID associated with it, and any packets that happen to be
    part of the VLAN identified by that PVID, will be sent across the
    link with -no- VLAN tag, just as if the port were an access port
    instead. Often the native VLAN for a trunk defaults to PVID 1 --
    which is often used for other things, and is probably what all the
    other ports defaulted to as well. So you should change the
    "native" VLAN (the PVID number) associated with the port as well,
    to something -different- than the unique PVID mentioned earlier,
    but which is also unique. That way there won't be any sourced
    packets to go out "native", and if any packets happen to come in
    in "native" (untagged format) from the other side, then because no
    other ports have that PVID, the packets will be discarded.


    You can see that this is all a bit of a "cheat": you don't actually
    block the port from sending any traffic, but what you do instead
    is set it up so that no traffic is eligible to go out over the port,
    and that any traffic that comes in from the port is thrown away.
    It's sort of like changing your telephone to an unlisted number and
    then not telling *anyone* what the new number is.
     
    Walter Roberson, Sep 14, 2006
    #5
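
A check for the trunk trick described in post #5, added here as an illustration and not part of the thread: it parses an IOS-style interface configuration and reports which VLANs a port has in common with any other port, so an empty result means nothing is eligible to reach it. The sample configuration, the VLAN numbers 998 and 999, and the defaults (VLAN 1 for access and native VLANs, native VLAN always carried on a trunk) are assumptions and have not been checked against a 2924-XL.

```python
import re

# Constructed sample (not from the thread): Fa0/5 is the port being silenced.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
!
interface FastEthernet0/5
 switchport mode trunk
 switchport trunk allowed vlan 998
 switchport trunk native vlan 999
!
"""

def expand(spec):
    """Turn a VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(config):
    """Map interface -> settings; assumed defaults: VLAN 1, trunk allows all."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            cur = ports[m.group(1)] = {"trunk": False, "access": 1, "native": 1,
                                       "allowed": set(range(1, 4095))}
        elif cur is None:
            continue
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif m := re.match(r"switchport (access|trunk native) vlan (\d+)$", line):
            cur[m.group(1).split()[-1]] = int(m.group(2))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line):
            cur["allowed"] = expand(m.group(1))
    return ports

def carried(p):
    """VLANs a port can exchange frames in (native VLAN assumed always carried)."""
    return p["allowed"] | {p["native"]} if p["trunk"] else {p["access"]}

def shared_vlans(config, port):
    """VLANs that `port` has in common with any other port; empty = isolated."""
    ports = parse_ports(config)
    others = set().union(*(carried(p) for n, p in ports.items() if n != port))
    return carried(ports[port]) & others
```

With the native VLAN line removed from the sample, the same call returns `{1}`, which is the leak the post warns about when the native VLAN is left at its default.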