Jans:
Here is an aproach (may be difficult to configure and mantain):
You can try to configure different Vlans in every port, then configure
port 21 as 802.1Q trunk. The server must have a nic that supports vlan
trunking (ie 3Com 3C980). The server must belong to every vlan, each in
a different subnet, and ip routing must be disabled.
After this config. every wks. will see the server but will not see other
wks. (because of routing disabled).
Hope it helps.
pablo.
--------------------------------------------------
Pablo Marcelo Smiraglia
Lider de proyectos
DTE Inform�tica & Comunicaciones
Voice 54-11-4382-8555 \ 0005
Fax: 54-11-4382-9073
e-mail: [EMAIL PROTECTED]
--------------------------------------------------
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENAzg0bOIAAAEIANDXaSo3HHgN1D/WZAPJDZ4RNX+8tgAfl1giUQmJQtxZeB03
mchtLO+bM0L5MJvhibobB0SiyoS5c737J9Ot7NvOhC+XMQvfWJm0/N6Bd8CkYRdC
DsQwhPViMSXoM7t8Z5LYS/172N0HEaoy3umI1Vq+Ut4to6JHeVtiU+Cv/BCcgMuG
bLoVmUF3PE1N4sCa+KBwvqx1S06iVKxSWLJtrqaK/ZVhQ28C3N4p00W9AQQdnHlp
7gRFduMt8jzeo2/JmOdjfHxp7on+hPbiY9mFKHcCvTNESmh0djzsAxMJd7schdQ2
LHw7eZ5SIWe7RS4ZIfXKCHrtg52h6iaMwPSj5gsABRG0JVBhYmxvIFNtaXJhZ2xp
YSA8cGFibG9zbWlAZHRlLmNvbS5hcj6JARUDBRA4NGzi6iaMwPSj5gsBAZvNCADH
RtKRBPyC2Q+rCvRvcLkwzd8BySx7XY+vq1/N9exMXl7J8Z11cRiXNjMuRjaCwXHb
M4FaY2rUBlfdbWDrVqHU1ORB8jAmNNSZ7uiYa5F+IEb3ymEjLkMKKAUAqx9D/4y7
0pS7p3nEMSTcIXg2u1MA6UtCgH+F0D/2H+1o8iLRoZRBg/oI1B+1PmcRLv8rsXPF
H8gUe1F0FIZvSJCdALFC8dN6kujb96aN+ynmDrzTK8gkpxfGT/lXexWtIzPcxOPs
lDzaQog54i76J8Mk/LVmUWUFebSCnmbgxYsLbeddNBqOFGwhnjHQgIolZURCOZW/
nJNaLOLFqkJrc8y7JO79tDRQYWJsbyBTbWlyYWdsaWEgaG9tZSA8cHNtaXJhZ2xp
YUBkYXRhbWFya2V0cy5jb20uYXI+iQEVAwUQODlPyuomjMD0o+YLAQEoJAf5AXZc
tNx2JMppx4pvmdmPl+mtQ4L+2TqDP+0+otGvSyg2T0TAj7GBS2JbMkZ8XAW3UOJV
mdRA+wssJWs80HWF78nUWQ1YxgvmGFu2vTYmCD+ovjV64W7iqleQ9kMu7dIPODOU
21ojZcOlWojeqJWjexvSozBiidu/HdWPPGQGxp++1sDSqgdh9i0gNSs7fvpv4pvJ
wRdddXvvPUuw/xGLNFj+R5Meref0xKEDtfB0kp16ue+eXyYxtJVma+eXxKbbmMMG
CxqGPUnrnd0tiuzHUfD6X6pKo+0N+pQcGWAkBQGm69iRJjeH9IEhP+LcTVbilXCB
WyrCv3eF9MFWCWx8E7QoUGFibG8gU21pcmFnbGlhIFdlYiA8cHNtaXJhZ2xpYUB1
c2EubmV0PokBFQMFEDg5T+LqJozA9KPmCwEBo9YIAJy79ErUMzVOf5ndL8nptiva
4QTDBAjI2I+0jUDGlmA17ryiZzSNVcdQ0okw1prf9hBZCurEZM3vEIW6DaLUdBle
uwmTFZ0GXOdr4tYhBXlZKObvUqKkHdKmoYgXl+46/FPeBM4pM7k1rxIFIRRd5oQE
MDI5K8wlISZN4aieaZa5EEPw3bIEIpSawGT7o7Ya/eECh6MItnD3InI8Wibp03sM
4GttxfzlRCk4rmCCIYJdBkSh/LQo/ZkB4tMnDNvqrR6Gui+mHvcTkIIDguU6V91v
0Z0Z1vaF0C00/xvXW3RBS9IxFIJ7Hy+iox+b7l5GPcg4oZSMOXGZa7UqeFehCrM=
=oRYu
-----END PGP PUBLIC KEY BLOCK-----
-----Original Message-----
From: Jasper Jans [mailto:[EMAIL PROTECTED]]
Sent: Lunes, 22 de Noviembre de 1999 09:37 a.m.
To: [EMAIL PROTECTED]
Subject: cisco switches and filtering
Hi..
(this might be slightly off topic.. my apologies
here for)
We are using Cisco 2940 switches and I was looking if
it was able to deny all traffic between certain ports
on the switch.
E.g. port 1-20 are all on 1 subnet, deny all traffic
between the ports, but allow all ports to access the
server on the same subnet that is connected to port
21 of the switch.
The reason we want to do this is to prevent end users
from being able to access other pcs/macs on the same
subnet.
If anyone can tell me how - and if this is possible
at all - I'd be really grateful.
Jasper
***************************************************************
* Jasper Jans Vrije Universiteit *
* Email: [EMAIL PROTECTED] ComputerGroep Biologie (M120) *
* Tel: (+31)-(0)20-4447040 De Boelelaan 1087 *
* Fax: (+31)-(0)20-4447123 1081HV Amsterdam *
* Cell: (+31)-(0)6-51811252 Netherlands *
***************************************************************
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
smime.p7s
