Port Protected

Discussion in 'Cisco' started by Piccalo Clark, Sep 9, 2004.

  1. Hi,

    I have been using Cisco Catalyst 2950 switches for some time now. They
    have a feature that allows the ports to be flagged as "protected".
    This prevents any port flagged as such communicating with another
    protected port.

    If the protected port option is not available, how can I prevent
    connections on these ports communicating with each other? I have
    considered a separate VLAN for each port, but this doesn't feel
    right.......;-)

    Many thanks

    Piccalo
    Piccalo Clark, Sep 9, 2004
    #1

  2. Piccalo Clark

    Kevin Guest

    That was one of the primary reasons for the development of VLANs. Well,
    VLANs were first conceived for hubs ... need I say more. Depending on
    the model you can try to implement a MAC address ACL, which can have a
    similar effect if the MAC address is not going to change often.

    Piccalo Clark wrote:
    > Hi,
    >
    > I have been using Cisco Catalyst 2950 switches for some time now. They
    > have a feature that allows the ports to be flagged as "protected".
    > This prevents any port flagged as such communicating with another
    > protected port.
    >
    > If the protected port option is not available, how can I prevent
    > connections on these ports communicating with each other? I have
    > considered a separate VLAN for each port, but this doesn't feel
    > right.......;-)
    >
    > Many thanks
    >
    > Piccalo
    Kevin, Sep 10, 2004
    #2

  3. Thanks for your reply Kevin, now I know I'm on the right track!

    The issue I have now is that for each port on its separate VLAN I have
    to set up a gateway for each VLAN. What I would like to be able to do
    is have all ports use the same gateway with the same IP address. Is
    this possible?

    I literally want to set up a standard LAN, using one gateway, but
    prevent the clients on the network talking to any other computer than
    the gateway. Configuration on each of the clients isn't an option,
    that's why I am trying to do this on a switch level.

    Many thanks


    Kevin <> wrote in message news:<X480d.1003$>...
    > That was one of the primary reasons for the development of VLANs. Well,
    > VLANs were first conceived for hubs ... need I say more. Depending on
    > the model you can try to implement a MAC address ACL, which can have a
    > similar effect if the MAC address is not going to change often.
    >
    > Piccalo Clark wrote:
    > > Hi,
    > >
    > > I have been using Cisco Catalyst 2950 switches for some time now. They
    > > have a feature that allows the ports to be flagged as "protected".
    > > This prevents any port flagged as such communicating with another
    > > protected port.
    > >
    > > If the protected port option is not available, how can I prevent
    > > connections on these ports communicating with each other? I have
    > > considered a separate VLAN for each port, but this doesn't feel
    > > right.......;-)
    > >
    > > Many thanks
    > >
    > > Piccalo
    Piccalo Clark, Sep 10, 2004
    #3
  4. Piccalo Clark

    Kevin Guest

    The best thing is to set up a MAC address ACL on each of the ports, only
    allowing traffic from the default gateway. Most of the Cisco switches
    support that but there are a few that don't. If your switch does not,
    then you will have to use VLANs and most likely a lot of subinterfaces
    on the router.

    Not to pry, but I assume you have a very good reason or atypical setup to
    go through all of this trouble. This could easily be a lot of time
    better spent, say, making sure the clients are patched/virus protected.

    Good luck!

    Piccalo Clark wrote:
    > Thanks for your reply Kevin, now I know I'm on the right track!
    >
    > The issue I have now is that for each port on its separate VLAN I have
    > to set up a gateway for each VLAN. What I would like to be able to do
    > is have all ports use the same gateway with the same IP address. Is
    > this possible?
    >
    > I literally want to set up a standard LAN, using one gateway, but
    > prevent the clients on the network talking to any other computer than
    > the gateway. Configuration on each of the clients isn't an option,
    > that's why I am trying to do this on a switch level.
    >
    > Many thanks
    >
    >
    > Kevin <> wrote in message news:<X480d.1003$>...
    >
    >>That was one of the primary reasons for the development of VLANs. Well,
    >>VLANs were first conceived for hubs ... need I say more. Depending on
    >>the model you can try to implement a MAC address ACL, which can have a
    >>similar effect if the MAC address is not going to change often.
    >>
    >>Piccalo Clark wrote:
    >>
    >>>Hi,
    >>>
    >>>I have been using Cisco Catalyst 2950 switches for some time now. They
    >>>have a feature that allows the ports to be flagged as "protected".
    >>>This prevents any port flagged as such communicating with another
    >>>protected port.
    >>>
    >>>If the protected port option is not available, how can I prevent
    >>>connections on these ports communicating with each other? I have
    >>>considered a separate VLAN for each port, but this doesn't feel
    >>>right.......;-)
    >>>
    >>>Many thanks
    >>>
    >>>Piccalo



    --
    Kevin
    CCNP
    Kevin, Sep 11, 2004
    #4
  5. Hi again Kevin,

    Unfortunately this is a public network, where anyone can plug in. I
    have no control over who or what joins the network, so I'm placing
    these constraints on the network to prevent these situations
    happening! ACLs are a good idea, however, although I may well stick
    with VLANs as changing the gateway would be a pain on an
    administration level.

    Piccalo


    Kevin <> wrote in message news:<OSK0d.1170$>...
    > The best thing is to set up a MAC address ACL on each of the ports, only
    > allowing traffic from the default gateway. Most of the Cisco switches
    > support that but there are a few that don't. If your switch does not,
    > then you will have to use VLANs and most likely a lot of subinterfaces
    > on the router.
    >
    > Not to pry, but I assume you have a very good reason or atypical setup to
    > go through all of this trouble. This could easily be a lot of time
    > better spent, say, making sure the clients are patched/virus protected.
    >
    > Good luck!
    >
    Piccalo Clark, Sep 13, 2004
    #5
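
The two switch-level approaches discussed in this thread, written out as an added configuration example that is not part of any poster's message: protected ports where the switch supports them, and one VLAN per client port with router subinterfaces where it does not. Interface numbers, VLAN IDs and IP addresses are constructed placeholders.

```cisco
! Added example. Interface numbers, VLAN IDs and addresses are constructed.
!
! --- Option A: switch supports protected ports (e.g. Catalyst 2950) ---
! Client ports are protected. The gateway uplink is left unprotected, so
! clients can reach the gateway but not each other (unicast, multicast
! and broadcast between protected ports are all dropped).
interface range FastEthernet0/1 - 23
 switchport mode access
 switchport protected
!
interface FastEthernet0/24
 description Uplink to gateway (not protected)
 switchport mode access
!
! Verify with: show interfaces FastEthernet0/1 switchport
! The output should include the line "Protected: true".
!
! Caveat: protection is local to one switch. Two protected ports on
! different switches can still talk to each other across the uplink.
!
! --- Option B: no protected-port support, one VLAN per client port ---
! Switch side: each client port in its own VLAN, uplink as an 802.1Q trunk.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 11
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 12
!
interface FastEthernet0/24
 description Trunk to router
 switchport mode trunk
!
! Router side: one subinterface (and one gateway address) per VLAN.
interface FastEthernet0/0.11
 encapsulation dot1Q 11
 ip address 10.0.11.1 255.255.255.0
!
interface FastEthernet0/0.12
 encapsulation dot1Q 12
 ip address 10.0.12.1 255.255.255.0
!
! Caveat: the router will route between the client VLANs unless an ACL
! on each subinterface denies client-to-client traffic.
```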