1. Home
  2. Ethernet LAN
  3. An interface on many VLANs

An interface on many VLANs

Hello.

Is it possible to have the following configuration on a switch ? (ethernet only, no IP)

computer 1 on port 1, VLAN 1 computer 2 on port 2, VLAN2

And computer 3, port 3

I'd like computer 3 to be able to talk with computers 1 and 2, but computers

1 and 2 can't see each other. So I put port 3 on VLAN 1 and 2.

For example : A frame coming from port 1 to port 3, but not on port 2 The answer frame coming from port 3 to port 1 but not on port 2.

A frame coming from port 2 to port 3, but not on port 1 The answer frame coming from port 3 to port 2 but not on port 1.

What do you think of that ?

I bought a 3COM switch (expensive) et that's not possible with it. So I'm wondering about the ability of doing that, and on which brand (I thought Cisco could do that).

If not possible with VLANs, maybe MAC address filtering ?

I precise I don't want IP nor 802.1Q.

Thanks for your answers.

Reply to
tibo
Loading thread data ...

"tibo" wrote in news: snipped-for-privacy@fe5.teranews.com:

Sounds like you want a switch + firewall combo.

Sonicwall has such a product - it is a 24 port switch with 24 independent zones. You can configure the zones to forward, filter, block packets as needed.

formatting link

Reply to
Spam Catcher

some cisco switches support a feature called private VLANs (PVLANs) it allows ports in a subnet to only talk to "promiscuous" ports in the same VLAN.

AFAIR originally invented to help with security when you have a Catalyst switch with a firewall and multiple machines in a DMZ.

formatting link
which switches support it:
formatting link
looks like the minimum device is a Catalyst 3560

if you think 3Com is expensive, you have a shock coming :)

No - only limits what can connect to the port, not what can tlak through it.

Reply to
stephen

To do what you suggest below with a standard 802.1Q switch you would need to either:

- Have port 3 be tagged (and computer 3 send/receive tagged frames); or

- Enable the 3com switch to do "shared" VLAN learning. Have "vlan 3" be the PVID for the port 3 and make it a member of vlan 1 and vlan 2. Also have ports 1 and 2 be members of vlan 3, with PVID of vlan 1 and vlan 2 respectively.

Ano> Hello.

Reply to
anoop

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.