如何在CISCO交换机上实现端口定向通讯

fofo_clark

各位专家 不知道如何在cisco交换机上实现端口的定向通讯 举个例子: 交换机的1,2,3号端口只能和4,5,6号端口而且1,2,3号端口发出的广播只能有4,5,6号端口能够接收到,而不会影响到其他的端口. 急!!! 望各位专家不吝赐教!

oldjiang

"1,2,3号端口发出的广播只能有4,5,6号端口能够接收到"，划分VLAN可以实现。但“1,2,3号端口只能和4,5,6号端口通讯”就不懂了，ACL？

wwwang

关于第二个问题：
我曾经听人说过cisco端口保护功能，不知是不是这个功能。楼主可以试一下。

oldjiang

供楼主参考
Catalyst 2900 XL and Catalyst 3500 XL Software Configuration Guide, 12.0(5)WC4 and 12.0(5)WC5

Configuring Protected Ports
Some applications require that no traffic be forwarded by the Layer 2 protocol between ports on the same switch. In such an environment, there is no exchange of unicast, broadcast, or multicast traffic between ports on the switch, and traffic between ports on the same switch is forwarded through a Layer 3 device such as a router.
To meet this requirement, you can configure Catalyst2900XL and Catalyst3500XL ports as protected ports (also referred to as private VLAN edge ports). Protected ports do not forward any traffic to protected ports on the same switch. This means that all traffic passing between protected ports—unicast, broadcast, and multicast—must be forwarded through a Layer 3 device. Protected ports can forward any type of traffic to unprotected ports, and they forward as usual to all ports on other switch

oldjiang

用PRIVATE VLAN，请参考:
http://www.xxlinux.com/linux/e/DoPrint/?classid=53&id=12698、
http://www.cisco.com/en/US/docs/ ... tion/guide/scg.html Catalyst 3560 SwitchSoftware Configuration Guide
1-6口做一个Community VLAN，其他口做另一个Community VLAN或者Isolated VLAN。只是大概看了一下，未曾深究。

[ 本帖最后由 oldjiang 于 2008-4-14 22:30 编辑 ]