-2

I have a Cisco Catalyst 2960-s switch and I want to configure three VLANs (A, B, C).

I want to:

  • Allow traffic between A and B
  • Allow traffic between A and C
  • Block traffic between C and B

Or is there another method to permit/deny access between switch ports?

Ould Abba
  • 2
    I do not think you can do VLAN routing on a layer 2 switch without involving a router or layer 3 switch functionality, which I do not think is available for the 2960 Series – Danila Ladner Aug 28 '13 at 15:57
  • Welcome to Server Fault! There appears to be little to no research done on this issue up front and/or there's very little for someone here to go on to assist you. It is recommended that you post things you've already tried, options you are considering, or errors that you are experiencing. The more details you provide (logs, screenshots, etc.), the better the experts here can assist you. – TheCleaner Aug 28 '13 at 16:00
  • 2
    Routing traffic requires a router. – David Schwartz Aug 28 '13 at 19:20

3 Answers

0

You might try to look into private VLANs - though they are only available on the more expensive switches and not the 2960 :-(

squillman
0

This can be done with access control lists. I believe their 2960 switches can only put them on ingress, but that should be enough to do what you are asking.

  1. Make ACL
  2. Apply to SVI

http://www.networkclue.com/routing/Cisco/access-lists/index.aspx

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#topic1

0

OK, the Catalyst 2960-s doesn't have routing possibility.

But it has another great feature called protected port: two protected ports cannot communicate with each other.

I used this feature to divide my network into four segments (see image below):

  • user group1 is on protected port
  • user group2 is on protected port
  • server group is on protected port
  • shared resources are on non protected ports

Protected ports

This does exactly what I wanted to do, but I'm afraid that having all users on a single port will decrease network performance?

In other words, what happens if all users in user group 1 demand access to shared resources?

Ould Abba
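A sketch of the protected-port approach from the answer above, mapped onto the question's groups A, B and C. This is an added example, not configuration from the original post: the interface numbers, descriptions and VLAN 10 are assumptions, each group is assumed to reach the switch through one port, and all ports share one VLAN because the switch does not route.

```ios
! Added example. Interface numbers, descriptions and VLAN 10 are assumed.
vlan 10
 name SHARED-SEGMENT
!
! Group A must reach both B and C, so its port stays unprotected.
interface GigabitEthernet1/0/1
 description Group-A (assumed port)
 switchport mode access
 switchport access vlan 10
 no switchport protected
!
! Group B is protected: no forwarding to any other protected port.
interface GigabitEthernet1/0/2
 description Group-B (assumed port)
 switchport mode access
 switchport access vlan 10
 switchport protected
!
! Group C is protected as well, so B <-> C traffic is dropped,
! while both can still reach the unprotected Group A port.
interface GigabitEthernet1/0/3
 description Group-C (assumed port)
 switchport mode access
 switchport access vlan 10
 switchport protected
!
end
!
! Verification (exec mode): each line should report the expected state.
show interfaces GigabitEthernet1/0/1 switchport | include Protected
show interfaces GigabitEthernet1/0/2 switchport | include Protected
show interfaces GigabitEthernet1/0/3 switchport | include Protected
```

Protected-port isolation applies only between protected ports on the same switch, so it does not separate B and C if they sit on different switches. Hosts of one group plugged directly into separate protected ports would also be isolated from each other.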