In a previous job a few years ago I needed to create two isolated VLANs on a 2900 with no connectivity between them. One other port on the switch had to be a member of both VLANs. I used the switchport mode multi command to accomplish this design and did not configure any ports as trunk.
Now I need to do something equivalent on a 2950 but it appears that switchport mode multi is not supported (IOS 12.1). Do I have to configure a 2950 port as a trunk to accept packets from either VLAN? Is there another way to do this?
Is dot1q encapsulation pretty much always used these days instead of ISL just because it's a standard?
VLAN 1 on the 2950 has an IP address, which is how I reach the switch to manage it. Does VLAN 2 need one too? If so, why?
The switch port that will become a trunk is now connected to a 3745 router. Do I need to define two subinterfaces on this router each configured with dot1q encapsulation and an IP address for VLAN1 and VLAN2?
I don't want traffic to route between the two VLANs. I presume that since the two subinterfaces are directly connected to the router, it will automatically route between them. Right?
Is the best way to prevent this an access list?
ip access-list extended no_route deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 permit ip any any
int f0/0 ip access-group no_route in