hello - i am relisting this from this posting because the situation has changed.
we are a church and we are attempting to expand our network. the requirements are to install a general-public wireless-access-point (WAP) on port E1, and have ports E2-48 be part of a community for the church office staff.
we don't want anybody on the E1-WAP to be able to access anything in the church office. i have a setup script below that works fine to meet our requirements, but as soon as i issue either of the following two commands, i am no longer able to access the unit via a webpage:
whenever i issue either of the following commands:
switchport mode private-vlan community
switchport mode private-vlan isolated
i am no longer able to use the webpage interface.
here is the script i have used to configure our 3448 unit thus far:
enable
configure
interface vlan 1
ip address 192.168.0.250 /24
exit
ip default-gateway 192.168.0.1
username admin password admin level 15
vlan database
vlan 1000
exit
interface vlan 1000
private-vlan primary
private-vlan community add 10
private-vlan isolated 20
interface range ethernet e2,e4
interface range ethernet e2-48
switchport mode private-vlan community
switchport private-vlan community 10
interface ethernet e1
switchport mode private-vlan isolated
switchport private-vlan isolated 1000
interface ethernet g4
switchport mode private-vlan promiscuous
switchport private-vlan promiscuous 1000
with this script, i am able to continue to ping from any port E2 through E48 and not port 1. i am also not able to ping any other port from port E1 as required. but i still need to be able to access the web interface from *ANY* port.
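Added example, not part of the original post: a short Python audit that reads the port section of the script above and checks the stated requirement that E1 cannot reach any office port. It assumes the standard private-VLAN forwarding rules (isolated ports reach only promiscuous ports, community ports reach their own community and promiscuous ports), which have not been verified against the 3448 firmware. The names expand, parse_roles and can_talk are hypothetical helpers, and the model does not cover the switch's own management interface.

```python
import re

# Port section of the script, copied from the post above.
CONFIG = """\
interface range ethernet e2,e4
interface range ethernet e2-48
switchport mode private-vlan community
switchport private-vlan community 10
interface ethernet e1
switchport mode private-vlan isolated
switchport private-vlan isolated 1000
interface ethernet g4
switchport mode private-vlan promiscuous
switchport private-vlan promiscuous 1000
"""

def expand(spec):
    """Expand 'e2-48' or 'e2,e4' into a list of port names."""
    ports = []
    for part in spec.split(","):
        m = re.fullmatch(r"([a-z]+)(\d+)(?:-(\d+))?", part.strip())
        if not m:
            raise ValueError(f"unrecognised port spec: {part!r}")
        lo, hi = int(m.group(2)), int(m.group(3) or m.group(2))
        ports += [f"{m.group(1)}{n}" for n in range(lo, hi + 1)]
    return ports

def parse_roles(config):
    """Return {port: (role, community_id or None)} from the command forms used above."""
    roles, current = {}, []
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            current = expand(words[-1])          # later commands apply to these ports
        elif words[:3] == ["switchport", "mode", "private-vlan"]:
            roles.update({p: (words[3], None) for p in current})
        elif words[:3] == ["switchport", "private-vlan", "community"]:
            roles.update({p: ("community", int(words[3])) for p in current})
    return roles

def can_talk(roles, a, b):
    """Assumed standard private-VLAN rule set, applied to two ports."""
    (ra, ca), (rb, cb) = roles[a], roles[b]
    if "promiscuous" in (ra, rb):
        return True                              # the uplink talks to everyone
    return ra == rb == "community" and ca == cb  # isolated ports talk to no peer

ROLES = parse_roles(CONFIG)
# Requirement from the post: nothing in the office is reachable from e1.
LEAKS = [p for p in ROLES
         if p != "e1" and ROLES[p][0] != "promiscuous" and can_talk(ROLES, "e1", p)]
```

An empty LEAKS list means the port roles in the script satisfy the isolation requirement under the assumed rules.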