Looking for alternate code to switchport multi vlan command
18 years 4 months ago #16352
by JeffH
Looking for alternate code to switchport multi vlan command was created by JeffH
Different agencies connect to our network through our firewall.
They connect to a switch which is then connected to a port on our firewall.
In order to isolate each connection we assigned each one a unique VLAN number, let's say 101-109 (to keep things simple), like this:
interface FastEthernet0/1
 switchport access vlan 236
Then we set the port(s) that connect the switch to the firewall:
interface FastEthernet0/24
 switchport multi vlan 1,101-109
 switchport mode multi
Note: on the new switch we will be connecting to our new firewall cluster using 2 Gig ports
Can anyone provide the proper code to duplicate this setup?
18 years 3 months ago #16364
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Looking for alternate code to switchport multi vlan command
I'm afraid I have not got to the switching part of the CCNP yet (only just started with BCRAN). It sounds to me like you are talking about 802.1Q trunking but I cannot begin to help with configuration.
Hopefully someone else can help (that's indeed if I am correct there).
Cheers
18 years 3 months ago #16447
by JeffH
Replied by JeffH on topic switchport protected
I think I found the answer with the switchport protected command...
Configuring Protected Ports
A protected port feature is used in those environments where no traffic can be forwarded between two ports on the same switch. This way, one neighbor connected to one port does not see the traffic that is generated by another neighbor connected to the second port. The blocking of traffic (unicast, broadcast, or multicast) only works when both ports are protected. When a protected port is communicating with an unprotected port, the traffic is forwarded in the usual manner. Once the ports are protected, traffic between them can only be forwarded by a Layer 3 device.
By default, the protected port feature is not enabled. You can configure protected ports on either a physical interface or an EtherChannel group. Once you enable the protected port feature on the latter, it is extended to all the group's ports.
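Added example, not part of any post in this thread: a small Python audit that applies the rule quoted above (traffic is blocked only when both ports are protected) to a switch configuration and lists the agency-facing port pairs that can still reach each other at Layer 2. The sample configuration and port list are constructed for illustration, and the check assumes all listed ports share one VLAN.

```python
import re
from itertools import combinations

# Constructed sample config (not from the thread): Fa0/3 was left unprotected.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport protected
!
interface FastEthernet0/2
 switchport mode access
 switchport protected
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 description uplink to firewall
!
"""

def parse_ports(config):
    """Return {interface name: True if 'switchport protected' is configured}."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            ports[current] = False
        elif not line.startswith(" "):
            current = None  # '!' or a global command ends the interface stanza
        elif current and line.strip() == "switchport protected":
            ports[current] = True
    return ports

def l2_reachable_pairs(ports, agency_ports):
    """Pairs of agency ports the switch will still forward between at Layer 2.

    Per the quoted text, traffic is blocked only when BOTH ports are protected.
    """
    return [(a, b) for a, b in combinations(sorted(agency_ports), 2)
            if not (ports.get(a, False) and ports.get(b, False))]

if __name__ == "__main__":
    ports = parse_ports(SAMPLE_CONFIG)
    agency = ["FastEthernet0/1", "FastEthernet0/2", "FastEthernet0/3"]  # assumed
    for a, b in l2_reachable_pairs(ports, agency):
        print(f"NOT isolated: {a} <-> {b}")
```

The uplink to the firewall stays unprotected on purpose, so every agency port can still reach it; only the agency-to-agency pairs are checked.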
18 years 3 months ago #16450
by Smurf
Replied by Smurf on topic Re: Looking for alternate code to switchport multi vlan command
Thanks for sharing, it's very interesting and in fact it could resolve an issue I am currently having. I'll take a look into that.
Cheers