[c-nsp] DHCP Isolation
老五
tianys at gmail.com
Thu Feb 16 19:54:24 EST 2012
Because the port facing the 7206 is a trunk port, the mode it uses should be promiscuous trunk.
"switchport mode private-vlan trunk promiscuous"
------------------
tianys at gmail.com
------------------ Original ------------------
From: "Jeremy Bresley"<brez at brezworks.com>;
Date: Fri, Feb 17, 2012 07:52 AM
To: "cisco-nsp"<cisco-nsp at puck.nether.net>;
Subject: Re: [c-nsp] DHCP Isolation
On 2/16/2012 3:27 PM, Rich Trinkle wrote:
> I have a DHCP pool setup on a 7206 and then trunk that vlan to a 3750 that feeds out to multiple sites/pc's. For those pc's that are not sitting behind a router at the remote location, they are able to do a network scan and pick up all other devices that are on this same subnet (DHCP pool) that are also directly plugged in with no router. My question is this.
>
> How do I create isolation in that DHCP subnet/vlan so no one device can see another device within the same pool? Thank you in advance.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_58_se/configuration/guide/swpvlan.html
Private VLANs should allow you to do exactly this. Each downstream port
would go in an isolated VLAN, the port facing the 7206 would be your
promiscuous port.
Jeremy "TheBrez" Bresley
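
A sketch of the private-VLAN layout described in the reply above, added here as an example and not configuration posted by anyone in the thread. VLAN IDs 100 and 101 and the interface numbers are constructed, and the port facing the 7206 is assumed to be a plain (non-trunk) promiscuous port carrying only this VLAN.

```cisco
! Constructed example: VLAN IDs and interface numbers are assumptions.
! With VTP version 1 or 2 the switch must be in transparent mode
! before private VLANs can be configured.
vtp mode transparent
!
! Secondary VLAN: ports in it cannot exchange frames with each other.
vlan 101
 private-vlan isolated
!
! Primary VLAN: carries the DHCP subnet and is tied to the isolated VLAN.
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Downstream ports toward the sites/PCs. All of them share the one
! isolated VLAN; isolation is enforced per port, not per VLAN.
interface range GigabitEthernet1/0/2 - 24
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Port facing the 7206 (DHCP server and gateway). A promiscuous port
! can talk to every host port in the mapped secondary VLANs.
interface GigabitEthernet1/0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
```

`show vlan private-vlan` lists the primary/secondary association and the member ports. Hosts still reach the 7206 for DHCP and routing, but a scan from one host port no longer reaches hosts on the other isolated ports at layer 2.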