Implementing Isolated Access on Cisco Switches
Updated: September 19, 2007 10:20:07 Author:
Nowadays, network security requirements are getting higher and higher, and a local area network sometimes hopes to be able to be inaccessible to each other. I mainly introduce to you how to achieve your needs on cisco switches. Implementation methods in cisco low-end switches: 1. Implemented through port protection (Switchitchport protected). 2. Implement through PVLAN (private vlan private vlan). The main operations are as follows: Relatively speaking, the configuration of cisco 3550 or 2950 switches is relatively simple. Enter the network interface configuration mode: Switch(config)#int range f0/1 - 24 #Operate f0/1 to f0/24 ports at the same time, you can select the port according to your own needs Switch(config-if-range)#Switchport protected #Open port protection ok... Until then, port protection is enabled on each interface of the switch, the purpose is to achieve. Since the 4500 series switches do not support port protection, it can be implemented through PVLAN. The main operations are as follows: First, create second Vlan 2 Switch(config)#vlan 101Switch(config-vlan)#private-vlan community###Create vlan101 and specify this vlan as public vlanSwitch(config)vlan 102Switch(config-vlan)private-vlan isolated###Create vlan102 and specify this vlan as isolated vlanSwitch(config)vlan 200Switch(config-vlan)private-vlan primarySwitch(config-vlan)private-vlan association 101Switch(config-vlan)private-vlan association add 102### Create vlan200 and specify this vlan as the main vlan, and at the same time formulate second vlanSwitch(config)#int vlan 200Switch(config-if)#private-vlan mapping 101,102#### After entering vlan200 configuring the IP address, make second vlan101 and 102 routes between second vlan101 and 102 so that it can communicate Switch(config)#int f3/1Switch(config-if)#Switch port private-vlan host-association 200 102Switch(config-if)#Switch port private-vlan mapping 200 102Switch(config-if)#Switched port mode private-vlan host### Enter the interface mode, configure the interface to the host mode of PVLAN, configure the main vlan and second vlan of Pvlan, and use 102. 102 isolate the vlan to this point. After the configuration is completed, after experimental testing, it is impossible to communicate between each port, but it can communicate with your own gateway. Note: The configuration instance on the Cisco website does not seem to be used in this way, but the isolation is enabled and cannot communicate with the gateway of this vlan. According to the configuration on the Cisco website, private vlan cannot be up. If there are multiple vlans to be configured for PVLAN, the second vlan must be added accordingly. A vlan can only be used as a second vlan under private vlan. Article entry: csh Editor in charge: csh
Related Articles
Clear XP junk with enhanced "disk cleaning" tool
Clear XP junk with the enhanced "disk cleaning" tool...2007-09-09RFC2702 Requirements for Traffic Engineering over MPLS
RFC2702 Requirements for Traffic Engineering over MPLS...2007-09-09xDSL technology and its application
xDSL technology and its application...2007-09-09Access List
Access list...2007-09-09Network classification basics
Network classification basics...2007-09-09Dual-machine interconnection problem
Dual-machine interconnection problem...2007-09-09cisco2621 router NAT configuration example
Cisco2621 router NAT configuration example...2007-09-09Cisco Router Global, Interface, Protocol Debugging Guide
Cisco Router Global, Interface, Protocol Debugging Guide...2007-09-09LAN and WAN interface standards
LAN and WAN interface standards...2007-09-09How can an application become a "system service" text analysis error
How can an application become a "system service" text analysis error...2007-09-09