Tibor Ell asked:
Cabling two access ports together on the same switch

Theoretically, would I be able to connect two switch ports together with a simple straight/crossover cable on the same switch if the two ports are in different VLANs (e.g. 2 and 22) and the ports are in access mode? BPDU guard and STP are active. The addresses and subnet are the same on both ports, 10.9.0.0/24. (I mean I have assets in VLAN 22, but I have a route from the client side to VLAN 2, the default gateway; if an asset is connected to an access port that is a member of VLAN 2 and has the address 10.9.0.2, it can be reached.) What I would like to accomplish: make my assets reachable only when the switch ports are connected with a cable (and the asset is connected to an access port that is a member of VLAN 22), and cut the connection as soon as I pull the cable out. Theoretically. In practice the ports go into err-disabled on a Cisco Nexus 31xx.
It is easy if the cable connects two switches, but what if only one device is present?

Thank you!
noci

Theoretically yes, but why... If you want to do that, then change all VLAN 2 to 22 or VLAN 22 to 2.... same effect, and it saves two ports.
Besides that, a switch does tell neighbours what it supplies; some switches will start complaining about configuration mismatches as a result.

If VLAN 2 & VLAN 22 have the same netmask etc., then you WILL get a conflict, because systems that have the same address in both networks WILL complain or cease to function.

What is it that you ultimately need to configure?

It's err-disabled because you have STP enabled + BPDU guard and you are creating a loop.

On one device I would have all devices in the same VLAN and isolate ports using the PVLAN feature. You could switch it on and off if you need devices to see each other sometimes, or you could also create communities to group them as needed.

https://www.cisco.com/c/en/us/support/docs/lan-switching/private-vlans-pvlans-promiscuous-isolated-community/40781-194.html
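The private-VLAN layout suggested in the answer above, written out as an NX-OS configuration. This is an added example, not configuration posted in the thread or taken from the linked Cisco document; the interface names (Ethernet1/1, 1/10-13, Vlan22), the secondary VLAN IDs 221 and 222 and the gateway address are assumptions chosen to match the 10.9.0.0/24 subnet mentioned in the question.

```nxos
! Added example (not from the original thread): one VLAN for all assets,
! with isolation done by private VLANs instead of by cabling two access
! ports together. Interface names, VLAN IDs 221/222 and the SVI address
! are assumptions.
feature private-vlan
feature interface-vlan

! Primary VLAN 22 carries every asset; the two secondary VLANs decide
! who may talk to whom inside it.
vlan 22
  private-vlan primary
  private-vlan association 221,222
vlan 221
  private-vlan isolated
vlan 222
  private-vlan community

! Uplink / gateway side: a promiscuous port reaches every host port.
interface Ethernet1/1
  switchport mode private-vlan promiscuous
  switchport private-vlan mapping 22 221,222

! Isolated assets: can reach Ethernet1/1 only, never each other.
! BPDU guard stays on here because nothing should ever bridge these ports.
interface Ethernet1/10-11
  switchport mode private-vlan host
  switchport private-vlan host-association 22 221
  spanning-tree port type edge
  spanning-tree bpduguard enable

! Community assets: can reach each other and Ethernet1/1.
interface Ethernet1/12-13
  switchport mode private-vlan host
  switchport private-vlan host-association 22 222
  spanning-tree port type edge
  spanning-tree bpduguard enable

! If the default gateway is an SVI on this switch, it must also be mapped
! to the secondary VLANs or the isolated hosts cannot reach it.
interface Vlan22
  ip address 10.9.0.1/24
  private-vlan mapping 221,222
  no shutdown
```

Moving a host port between the isolated and the community secondary VLAN (the `switchport private-vlan host-association` line) is the "switch on and off" the answer refers to: it changes reachability between assets without any extra cabling and without the STP loop that err-disabled the two cabled access ports. Check the result with `show vlan private-vlan` and `show interface status err-disabled`.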
Tibor Ell (asker)
The main goal would be to use the "interconnect" cable and make a desired network reachable only with/through it, but avoid a loop.
PVLANs are OK, but then we will skip the cable.

That still doesn't make a cable needed. I see no case for a cable here.

The main purpose of the cable is to represent an inline device. I would like to use Snort IPS in afpacket or another bridge mode (on Ubuntu). Both bridge interfaces are in promiscuous mode and have no IP addresses. I have been experimenting with this for a while in a virtual environment and it seems to work properly, but there the "bridging" is between two vSwitches. I would like to represent this with a physical device and I only have one switch. I thought if it could work with a cable, I could put my device there instead. (A PC with a dual-port NIC that supports fail-open mode.)