[c-nsp] DHCP Isolation
Adam Piasecki
apiasecki at midatlanticbb.com
Fri Feb 17 11:08:41 EST 2012
On 2/16/2012 6:52 PM, Jeremy Bresley wrote:
> On 2/16/2012 3:27 PM, Rich Trinkle wrote:
>> I have a DHCP pool setup on a 7206 and then trunk that vlan to a 3750
>> that feeds out to multiple sites/pc's. For those pc's that are not
>> sitting behind a router at the remote location, they are able to do a
>> network scan and pick up all other devices that are on this same
>> subnet (DHCP pool) that are also directly plugged in with no router.
>> My question is this.
>>
>> How do I create isolation in that DHCP subnet/vlan so no one device
>> can see another device within the same pool? Thank you in advance.
>>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_58_se/configuration/guide/swpvlan.html
>
>
> Private VLANs should allow you to do exactly this. Each downstream
> port would go in an isolated VLAN, the port facing the 7206 would be
> your promiscuous port.
>
> Jeremy "TheBrez" Bresley
Private Vlans, Switchport Protected (poor man's private vlans) and Access
Lists. I've also seen each device assigned its own vlan, but that
doesn't scale very well.
Adam
--
Adam M Piasecki
MidAtlanticBroadband
Office: 410-727-8250 x 123
Cell: 940-224-4837
Fax: 410-727-8245
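
The two switch-side options named in this thread, sketched as a Catalyst 3750 configuration. This is an added example, not configuration posted by anyone in the thread. The VLAN IDs (200/201) and interface names are assumptions, and so is the uplink design: the port facing the 7206 is taken to carry this subnet untagged on a dedicated port rather than on the existing trunk.

```cisco
! --- Option 1: private VLANs (constructed example; VLAN IDs and ports are assumed) ---
! Private VLANs on this platform require VTP transparent mode.
vtp mode transparent
!
! Secondary VLAN: hosts in an isolated VLAN cannot talk to each other at Layer 2.
vlan 201
 private-vlan isolated
!
! Primary VLAN: holds the DHCP subnet and is associated with the isolated VLAN.
vlan 200
 private-vlan primary
 private-vlan association 201
!
! Downstream ports (directly attached PCs/sites): isolated host ports.
interface range GigabitEthernet1/0/1 - 24
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
 spanning-tree portfast
!
! Port facing the 7206 (gateway and DHCP server): promiscuous port.
! Every isolated host can reach it, and it can reach every host.
interface GigabitEthernet1/0/48
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201
!
! --- Option 2: protected ports (use instead of option 1, not with it) ---
! Protected ports do not forward unicast, multicast or broadcast traffic
! to other protected ports on the same switch or stack. The uplink is
! left unprotected so hosts still reach the gateway.
! interface range GigabitEthernet1/0/1 - 24
!  switchport access vlan 200
!  switchport mode access
!  switchport protected
!
! --- Checks ---
! show vlan private-vlan
! show interfaces GigabitEthernet1/0/1 switchport
```

Protected ports are locally significant: two hosts in the same VLAN on different switches can still reach each other through the inter-switch link. With either option, the 7206 may still route or proxy-ARP traffic between hosts, so an access list on the router interface is needed if Layer 3 reachability must also be blocked.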