On Thu, May 6, 2010 at 8:14 PM, Vineet Bhojnagarwala <[email protected]> wrote: > Alternatively, if using normal vlans, this can also be achieved by enabling > access list on the switch and restrict traffic flows. Generally this is done > on a layer 3 switch, don't think it will support on your switch model.
That is correct. In order to do this on a 2950, you will need a router behind this to be the gateway for each vlan. (On Cisco equipment you'd need to create a subinterface for each vlan (i.e. FastEthernet 0.xxx) where xxx is your vlan number. Then you can set each port up to be a trunk port on the 2950, but specify the native vlan on the port as the PC vlan # and allow the Vlan # for the phone vlan. So something like: switchport mode trunk switchport trunk native vlan [pc vlan #] switchport trunk allowed vlan [pc vlan #],[phone vlan #] Then you will have to create access-lists on the router to block intra-VLAN traffic. This can also be all done on a Layer 3 switch (like the Cisco 3550), by defining each VLAN as an interface: interface VLAN 100 description Phone VLAN ip address 192.168.100.1 255.255.255.0 ! interface VLAN 101 description Customer 1 VLAN ip address 192.168.101.1 255.255.255.0 ! etc.. then your ports will look like: interface FastEthernet 0/2 description customer 1 port switchport mode trunk switchport trunk encapsulation dot1q switchport trunk native vlan 101 switchport trunk allowed vlan 100,101 ! Then you'll need access lists to prevent the intra-vlan traffic.. -- James > > > Rgds, > Vineet Bhojnagarwala RCDD, NTS, OSP > Spear Networks Pvt Ltd > Integration & Consultancy > +91-9831436607 > On May 7, 2010, at 8:39 AM, Vineet Bhojnagarwala <[email protected]> wrote: > > I think this is a motel kind of situation and a PVLAN serves the situation > right. Put all the ipphones in the voice vlan as suggested, make a seperate > isolated vlan for the PCs, this will restrict traffic between the clients. > > > Rgds, > Vineet Bhojnagarwala RCDD, NTS, OSP > Spear Networks Pvt Ltd > Integration & Consultancy > +91-9831436607 > On May 6, 2010, at 11:30 PM, "David White" <[email protected]> > wrote: > > -----Original Message----- > From: [email protected] on behalf of Noah Miller > Sent: Thu 5/6/2010 10:41 AM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: Re: [asterisk-users] OT: NAT in SPA922 > >>>> It is a building, with 24 separated rooms, each room will have a PC and >>>> a IP >>>> Phone. Every room connected to a switch Cisco 2950. >>>> I want keeping all PCs isolated behind a NAT (no access to neighbour's >>>> PC), >>>> and still keep communication in same LAN between all IP Phones. >>>> >>>> Should I take another approach on that? >>>> >>> Put each PC in its own VLAN. Keep all the phones in one VLAN. >>> >>> Although having a $30 router in each room hanging off the phone would >>> accomplish what you want also. >> >> Take j's suggestion to use VLANs. This is not a good situation for >> NAT. Cisco 2950's can do VLANs. >> > > to be clear, the only way this will work with the PCs is if each PC vlan is > *also* a unique ip subnet (else how do all the vlans access a common default > gw?) > > place the phones in a voice vlan, and the phone problem is solved. > as for the PC isolation, you might get better feedback on a cisco or other > networking forum. > > -david > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
