Unsolved
2 Posts
October 6th, 2022 06:00
Isolate hosts on same VLAN - N1524
Hello all,
We are using a Dell N1524 switch on which we have configured multiple VLANs. We would now like to isolate the hosts on those VLANs; for example, we don't want host1 on VLAN1 to be able to communicate with host2 on the same VLAN.
From what I understand, on a switch, we can configure multiple primary VLANs, each of which can include a single isolated VLAN and multiple community VLANs.
So we can imagine creating a primary VLAN for each of our isolated VLANs.
But the problem is that a port in promiscuous mode can only serve one primary VLAN, one isolated VLAN and several community VLANs.
The fact is that we only have one port on the switch that is connected to the pfsense router.
Do you have any idea how I can do this?
Thank you,
Theo.



DELL-Charles R
Moderator
4.7K Posts
October 6th, 2022 11:00
Hello Theo_C3,
I will have to look into this.
Could you post your running-config for us to get a look?
Please delete personal information like the serial number/service tag before posting.
DELL-Charles R
Moderator
4.7K Posts
October 6th, 2022 12:00
You may try switchport protected. Traffic from protected ports is sent only to the uplink ports and cannot be sent to other ports within the VLAN.
page 464 here: https://dell.to/3rCaRU7
Theo_C3
2 Posts
October 7th, 2022 02:00
Hello Charles R,
Thank you for your answer. Indeed, changing the ports to protected mode could be a solution. But in case I need two protected ports to communicate with each other, is there a command for that?
For example, I would like host1 to be able to communicate only with host2 and not with the other hosts.
Thank you,
Theo.
DELL-Erman O
Moderator
2.9K Posts
October 7th, 2022 03:00
Hi, if you check pg 901, I don't think they can communicate with each other, because protected ports can communicate only with unprotected ports. https://dell.to/3fPoNrg
Quoted:
"The switch supports up to three separate groups of protected ports. Traffic can flow between protected ports belonging to different groups, but not within the same group.
A port can belong to only one protected port group. You must remove an interface from one group before adding it to another group.
Port protection occurs within a single switch. Protected port configuration does not affect traffic between ports on two different switches. No traffic forwarding is possible between two protected ports.
When an interface is enabled for routing (via the interface vlan command), the port will no longer be operationally enabled as a protected port on the interface. If the interface is part of a LAG or is a probe port, the feature is disabled for the port."
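
Added example, not part of the thread and not Dell code: a small Python model of the protected-port rule as quoted from the manual above (three groups, traffic blocked only between protected ports of the same group), used to check whether a desired isolation policy can be expressed with protected groups alone. The port names and the two policies are constructed for illustration, and the model assumes the "different groups can exchange traffic" sentence of the quote; it has not been verified on an N1524.

```python
from itertools import product

UNPROTECTED = None   # port without "switchport protected"
GROUPS = (0, 1, 2)   # "up to three separate groups", per the quoted manual text

def can_forward(ga, gb):
    """Quoted rule: blocked only between two protected ports of the same group."""
    return ga is UNPROTECTED or gb is UNPROTECTED or ga != gb

def reachability(assignment):
    """Set of unordered port pairs that may exchange traffic under an assignment."""
    ports = sorted(assignment)
    return {frozenset((a, b))
            for i, a in enumerate(ports) for b in ports[i + 1:]
            if can_forward(assignment[a], assignment[b])}

def find_assignment(ports, wanted_pairs):
    """Brute-force a port->group mapping whose reachability equals wanted_pairs."""
    wanted = {frozenset(p) for p in wanted_pairs}
    for combo in product((UNPROTECTED,) + GROUPS, repeat=len(ports)):
        assignment = dict(zip(ports, combo))
        if reachability(assignment) == wanted:
            return assignment
    return None  # policy cannot be expressed with protected groups alone

# Constructed port names: one uplink to the router, four hosts on the same VLAN.
PORTS = ["uplink", "host1", "host2", "host3", "host4"]
UPLINK_PAIRS = [("uplink", h) for h in PORTS[1:]]

# Policy A: every host reaches only the uplink (full host isolation).
POLICY_ISOLATE = UPLINK_PAIRS
# Policy B: as A, but host1 and host2 may also reach each other.
POLICY_PAIR = UPLINK_PAIRS + [("host1", "host2")]

if __name__ == "__main__":
    for name, policy in (("isolate", POLICY_ISOLATE), ("pair", POLICY_PAIR)):
        print(name, find_assignment(PORTS, policy))
```

Under this model, policy A is met by leaving the uplink unprotected and placing all hosts in one group, while policy B has no solution: host3 would have to share a group with both host1 and host2, which would also block host1 from host2.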