Cisco 2950T switch - VLAN

Discussion in 'Cisco' started by Raymondo, Aug 3, 2004.

  1. Raymondo

    Raymondo Guest

    Hi there,

    I am new to Cisco. I'm trying to set up a Cisco 2950T switch with two
    Gigabit ports. I want to patch one gigabit port to my Firewall's DMZ
    interface and have all my servers in the DMZ (Port 1-8) in 8 different
    VLANs for security purposes.

    I don't want the servers in the DMZ to communicate with each other,
    except with the firewall (Shorewall running on Debian).

    I understand servers cannot communicate with each other in different
    VLANs. But is there a way to configure the Gigabit port to communicate
    with all servers (Port 1-8 in 8 different VLANs)?

    Thanks in advance!

    Raymondo, Aug 3, 2004
  2. Hi,

    Yes, the feature you're looking for is private vlans. Using private vlan
    ports, all ports share the same vlan but are NOT able to communicate with
    other private vlan ports in the same vlan but CAN communicate with any
    non-private-vlan ports in the same vlan. This means:

    Port 1-8 set up as private vlan ports in, let's say, vlan 2
    Port 25 (gbit) as normal access port in vlan 2 (or trunk).

    Port 1->2 is not possible,
    Port 1->3 is not possible,
    port 1->25 IS possible

    Erik Tamminga, Aug 5, 2004
  3. Hmm,

    didn't see you posted the same question twice and already got an answer.

    Erik Tamminga, Aug 5, 2004
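
An added example, not part of the thread: a Python check that audits a switch running-config for the layout described in the answer above (server ports isolated from each other, gigabit port reachable by all of them). It assumes the isolation is configured with the Catalyst 2950 `switchport protected` command; the sample config, interface names and function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the thread). Assumption: the
# isolation is configured with the 2950 protected-port command.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
 switchport protected
!
interface FastEthernet0/2
 switchport access vlan 2
!
interface FastEthernet0/3
 switchport access vlan 3
 switchport protected
!
interface GigabitEthernet0/1
 switchport access vlan 2
 switchport protected
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface (\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit(config, server_ports, uplink, vlan):
    """Return (interface, problem) findings for the layout in the answer."""
    stanzas, findings = parse_interfaces(config), []
    for port in server_ports:
        cmds = stanzas.get(port, [])
        if f"switchport access vlan {vlan}" not in cmds:
            findings.append((port, f"not an access port in vlan {vlan}"))
        if "switchport protected" not in cmds:
            findings.append((port, "not protected: can reach other servers"))
    # Protected ports cannot talk to each other, so the firewall port must not be one.
    if "switchport protected" in stanzas.get(uplink, []):
        findings.append((uplink, "uplink is protected: servers cannot reach firewall"))
    return findings
```

Running `audit` over the sample flags the unprotected server port, the port in the wrong VLAN, and the uplink that was mistakenly made a protected port.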
