The 2924XL platform does support PVLANs if it can be upgraded to 12.0(5)XU or higher code which is based on a number of factors including memory. The XL-EN is questionable. 4MB 2924XL switches cannot run the 12.0(5)XU and higher code.
For what you are trying to do, PVLANs are the only way to do it that I know of ( I was even trying to come up with a kludge scenario involving using a router and trunking the VLANs up to the router that is doing IRB and filtering at the MAC layer). Especially useful in a DMZ scenario, PVLANs allow you to have a single DMZ for multiple applications, such as WWW and SMTP, and prevent them from seeing each other, yet allow them to talk to firewalls and routers (some people asked why you would do such a thing). It is a recommended part of the Cisco SAFE architecture. http://www.cisco.com/warp/public/473/90.shtml http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm -----Original Message----- From: Don Claybrook [mailto:[EMAIL PROTECTED]] Sent: Monday, July 22, 2002 6:17 PM To: [EMAIL PROTECTED] Subject: How to keep multiple switch ports on the same VLAN from [7:49410] I have a customer who needs to have several ports on a 2924XL-EN in the same VLAN. The customer does not want these ports to be able to communicate with one another, but would like all of them to be able to go to/through another port. E.g., ports 1 to 5 would be on VLAN 50, they'd all be able to access port 6, on VLAN 60, but not each other. I did find something on CCO about Private VLANs, but I see that the 2924 is not on the list of hardware that supports PVLAN's. Does anyone know of a way to accomplish this segregation within the same VLAN, short of PVLAN's? Any help is much appreciated. Thanks, Don Claybrook Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49521&t=49521 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
