
Looking for alternate code to switchport multi vlan command

18 years 4 months ago #16352 by JeffH
Different agencies connect to our network through our firewall.
They connect to a switch which is then connected to a port on our firewall.
In order to isolate each connection we assigned each one a unique VLAN number, let's say 101-109 (to keep things simple), like this:
interface FastEthernet0/1
 switchport access vlan 236

Then we set the port(s) that connects the switch to the firewall:
interface FastEthernet0/24
 switchport multi vlan 1,101-109
 switchport mode multi

Note: on the new switch we will be connecting to our new firewall cluster using 2 Gig ports

Can anyone provide the proper code to duplicate this setup?
18 years 3 months ago #16364 by Smurf
I'm afraid I have not got to the switching part of the CCNP yet (only just started with BCRAN). It sounds to me like you are talking about 802.1Q trunking but I cannot begin to help with configuration.

Hopefully someone else can help (that's indeed if I am correct there)

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
18 years 3 months ago #16447 by JeffH
Replied by JeffH on topic switchport protected
I think I found the answer with the switchport protected command...
Configuring Protected Ports

A protected port feature is used in those environments where no traffic can be forwarded between two ports on the same switch. This way, one neighbor connected to one port does not see the traffic that is generated by another neighbor connected to the second port. The blocking of traffic (unicast, broadcast, or multicast) only works when both ports are protected. When a protected port is communicating with an unprotected port, the traffic is forwarded in the usual manner. Once the ports are protected, traffic between them can only be forwarded by a Layer 3 device.

By default, the protected port feature is not enabled. You can configure protected ports on either a physical interface or an EtherChannel group. Once you enable the protected port feature on the latter, it is extended to all the group's ports.
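
An added example, not part of the thread or of the documentation quoted above: a short Python audit of an IOS-style configuration that applies the rule stated in the post (traffic is blocked only when both ports are protected) and lists the port pairs the switch would still bridge directly. The sample configuration, the choice of uplink port and the function names are constructed for illustration, and only access ports are modelled.

```python
import re
from itertools import combinations

# Constructed sample (not from the thread): agency ports share VLAN 101,
# Fa0/3 lacks "switchport protected", Gi0/1 is the firewall uplink.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 101
 switchport protected
!
interface FastEthernet0/2
 switchport access vlan 101
 switchport protected
!
interface FastEthernet0/3
 switchport access vlan 101
!
interface GigabitEthernet0/1
 switchport access vlan 101
!
"""

def parse_interfaces(config):
    """Map interface name -> {"vlan": access VLAN, "protected": bool}."""
    ports, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:  # new stanza; an access port defaults to VLAN 1
            current = ports.setdefault(header.group(1), {"vlan": 1, "protected": False})
        elif current is not None and line.startswith(" "):
            vlan = re.fullmatch(r"switchport access vlan (\d+)", line.strip())
            if vlan:
                current["vlan"] = int(vlan.group(1))
            elif line.strip() == "switchport protected":
                current["protected"] = True
        else:  # "!" or any unindented line ends the stanza
            current = None
    return ports

def unisolated_pairs(config, uplinks):
    """Non-uplink port pairs still bridged: same VLAN, not both protected."""
    ports = {n: p for n, p in parse_interfaces(config).items() if n not in uplinks}
    return [(a, b) for a, b in combinations(sorted(ports), 2)
            if ports[a]["vlan"] == ports[b]["vlan"]
            and not (ports[a]["protected"] and ports[b]["protected"])]

if __name__ == "__main__":
    for a, b in unisolated_pairs(SAMPLE_CONFIG, {"GigabitEthernet0/1"}):
        print(f"{a} <-> {b}: not isolated at Layer 2")
```

The uplink is left unprotected on purpose, since protected ports forward to an unprotected port in the usual manner; a single agency port missing the command is reported against every other port in its VLAN.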
18 years 3 months ago #16450 by Smurf
Thanks for sharing, it's very interesting and in fact it could resolve an issue I am currently having. I'll take a look into that.

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
