VLANs

its called a trunk :-))

You can configure the port as a trunk port, then allowed only vlan 42 on it. switchport mode trunk switchport trunk encapsulation dot1q switchport trunk native vlan 42 switchport trunk allowed vlan 42

Doan

Ooooooooooooooooh! OK! Thank you!

I see now; I am just starting to fit the pieces together.

So, may I ask; what is a "multi"?

I believe that the Cisco switch (2900/3500) supports: these three switchport modes: access, multi, and trunk...

Thanks again!

Hi,

Well that's not completely correct. The "switchport trunk native vlan 42" actually untags traffic for vlan 42. Remove this statement and you'll be fine.

The multi mode is an old thing, not supported on newer switches and should be avoided if possible. The multi mode allowed you to make the access port member of more than one vlan. For example if you've got multiple vlans and want one host to be member of more than one of these vlan's you could have setup a port in muti mode and assign multiple IP's to the host's nic. A side effect of this is that traffic generated from this host is send to all vlans, thus causing a leak of traffic for one vlan to the other vlan's. Don't use it. If a host has to be accessible to multiple vlans, use a router and route to the host.

Erik

Unless you need a multi option dont use, as one specific NIC will be allowed the membership more then one VLAN and its a security breach

Or have the port trunk, permit only the VLANs to which the host should have access, and have the host use 802.1q.

This requires that the host have a different IP on each VLAN, but that's probably more of a Good Thing than Bad Thing in that you get only the "leakage" you want.

I don't know how to do this with other environments, but Linux has been able to speak 802.1q for a few years at least.

- Andrew