VLAN on 2950T-24 (Newbie Question)

Discussion in 'Cisco' started by Raymondo, Aug 3, 2004.

  1. Raymondo

    Raymondo Guest

    Hi there,

    I am new to Cisco. I'm trying to setup a Cisco 2950T switch with two
    Gigabit port. I want to patch one gigabit port to my Firewall's DMZ
    interface and have all my servers in the DMZ (Port 1-8) in 8 different
    VLAN for security purpose.

    I don't want the servers in the DMZ to communicate to each other,
    except to the firewall (Shorewall running on Debian)

    I understand server cannot communicate to each other in different
    VLAN. But is there a way to configure the Gigabit port to communicate
    to all servers (Port 1-8 in 8 different VLAN)


    Thanks in advance!

    Raymond
     
    Raymondo, Aug 3, 2004
    #1

    1. Advertisements

  2. Raymondo

    Peter Guest

    Hi Raymond,
    I can see a couple of different ways to do this, 1 using multiple
    VLANS and trunking, and the other using "protected" ports -

    1. Place ports fa0/1 - fa0/8 into each VLAN and the Gig port into
    trunking mode, passing only those VLANS you want. This method requires
    the Firewall to be able to do trunking.

    2. Or my preference would be to place ports fa0/1 - fa0/8 into the
    same VLAN, but include "Port Protected" on each interface. Then
    configure the Gig port in the same VLAN for the firewall, but do NOT
    include "Port Protected on that interface. This only uses 1 VLAN, but
    provides the same isolation as multiple VLANs and it does not require
    trunking on the Firewall and port.

    "Port Protected ports can only talk to a port that is NOT protected,
    but is in the same VLAN. This method allows each protected port to
    ONLY talk to the (non-protected) Firewall port, while the Firewall can
    talk to any other port in the same VLAN. This does not require
    trunking on the Firewall, conserves VLANS, and is easier to
    configure. It is also very easy to just add a new (protected) port
    as/when its needed without adding new vlans to the trunk port as well.

    Cheers..........pk.
     
    Peter, Aug 4, 2004
    #2

    1. Advertisements

  3. Raymondo

    Hansang Bae Guest

    What you're after is "switchport protected" Fa0/1 through fa0/8.

    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, Aug 5, 2004
    #3

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. HI, I have some question about native vlan and default vlan.

  2. newbie: cisco vlan newbie question

  3. Uplinking Catalyst 2950T Switches

  4. Cisco 2950T switch - VLAN

  5. 2950T-24 Cluster

  6. 2950T-24 dead with blinking sys led

  7. Question about Cisco 2950T Uplink Port

  8. Multi-VLAN on 2950T

Loading...