L3 switch - with client isolation - what are the options?

Hi there,

I'm looking for some advice on switches (24 & 48 ports). At the moment I am using Cisco 2950G-EL switches with the following setup:
Port 1 = trunk to router
Port 2 = management pc
Port 3 - 15 = VLAN11 = Wireless Access points (each has wireless isolation on them already)
Port 16 - 48 = VLAN2 & client isolation = Client ports

Ideally I'm looking to move away from Cisco units and go for another brand with which I can achieve the same network setup. The main reason why I don't want to use Cisco is that I'd prefer using a GUI interface rather than a terminal.

The idea of client isolation is to help prevent DHCP backwards requests and also to help against "hackers".

I'd be grateful if someone could recommend switches which would be suitable.
 
Hi guys thanks for your input.

As the 2950's are no longer manufactured, what models would you recommend going forward?
 
Hi
I'm sure the 2950-el is L3 (or at least multilayer but restrictive).
The main function I really need is port isolation. Like you would have on wireless devices, but there it's called client isolation.
 
Hi it's very similar to wireless client isolation, but it's for the switch ports only.
That I'm 100% sure on as it's in my setup now.

I had set these units up so long ago I can't remember how I even did it or the Cisco commands. I've had no problems with them for years.

Is there a command to display the configuration from the CLI? Then I could post it up here.
 
Thanks here is the configuration:

Code:
Building configuration...

Current configuration : 5976 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
ip dhcp snooping vlan 2
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 description rb450g-e2
 switchport trunk allowed vlan 2,3,11
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/2
 description management
 switchport access vlan 11
 switchport mode access
!
interface FastEthernet0/3
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/4
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/5
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/6
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/7
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/8
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/9
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/10
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/11
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/12
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/13
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/14
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/15
 description EnGenius AP
 switchport trunk allowed vlan 2,11
 switchport mode trunk
!
interface FastEthernet0/16
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/17
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/18
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/19
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/20
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/21
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/22
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/23
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/24
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/25
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/26
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/27
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/28
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/29
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/30
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/31
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/32
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/33
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/34
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/35
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/36
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/37
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/38
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/39
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/40
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/41
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/42
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/43
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/44
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/45
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/46
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/47
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/48
 description  cust eth
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan11
 ip address 192.168.11.9 255.255.255.0
 no ip route-cache
 shutdown
!
ip default-gateway 192.168.11.1
ip http server
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
!
end
 
To be honest, it has been a very long time since I did the configuration, but I haven't had any issues with it or anyone trying to get into it.

I'm just really trying to find a switch which can do the same thing as this unit. I.e. VLANs and port isolation.

I.e:
Port 1 can talk to Port 2-48
Ports 2-48 can talk to port 1
but ports 2-48 cannot talk to each other

My understanding of port isolation is locking the port by MAC address, whereas in my network users are always changing their equipment, so I need to leave it open ended.
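An added example, not part of the original posts: a Python check that reads `show running-config` output in the format posted above and lists the access ports in the client VLAN that lack `switchport protected` (the IOS per-port setting that blocks traffic between protected ports on the same switch while still allowing the uplink), together with the DHCP snooping lines. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in the style of the running-config above (not the poster's switch).
SAMPLE = """\
ip dhcp snooping vlan 2
!
interface FastEthernet0/1
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/16
 switchport access vlan 2
 switchport mode access
 switchport protected
!
interface FastEthernet0/17
 switchport access vlan 2
 switchport mode access
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces

def audit(config, client_vlan):
    """Report isolation-related settings for access ports in client_vlan."""
    ifs = parse_interfaces(config)
    glob = [l.strip() for l in config.splitlines() if l[:1] not in ("", " ")]
    clients = [n for n, c in ifs.items() if f"switchport access vlan {client_vlan}" in c]
    return {
        "unprotected": [n for n in clients if "switchport protected" not in ifs[n]],
        "dhcp_trusted": [n for n, c in ifs.items() if "ip dhcp snooping trust" in c],
        # IOS needs the global enable line as well as the per-VLAN line.
        "snooping_global": "ip dhcp snooping" in glob,
        # Comma lists only; VLAN ranges such as 2-5 are not expanded here.
        "snooping_vlan": any(g.startswith("ip dhcp snooping vlan ") and
                             str(client_vlan) in g.split()[-1].split(",") for g in glob),
    }
```

Protected ports only isolate ports on the same switch, so clients on different switches in the same VLAN still need isolation enforced upstream.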
 
Thanks for your replies but my current configuration is doing exactly what I need it to do on the 2950-EL.
If I go back to my question, I'm asking if there is any other switch I can replicate the configuration on using a GUI.
 
Thanks for your replies. By the sounds of it, I think you guys are right: staying with Cisco is the best solution. I guess I'll have to get my learning hat on!
 