Hi Edward,
just one question, because I thought sometime ago on use private vlan and I
didnīt.
Do you know what happend if two customer, which are connected on the switch
to the isolated vlan, want to exchange traffic with each other ? I think
they canīt.
Another thing, when we implement private vlan can we use trunk to export the
pvlan the another switch ? I am asking because the domain is private not
client or server.
Regards,
Fabio
-----Original Message-----
From: Edward S. Desouza [mailto:edward_desouza@yahoo.com]
Sent: quinta-feira, 15 de fevereiro de 2001 02:48
To: Rich Sena
Cc: cisco-nsp@puck.nether.net
Subject: Re: Private VLANs on the 6509's
Hi,
I finally got a soln :
1. Make A primary pVLAN
2. Create a secondary VLAN as isolated assign all
ports on the switch to the isolated VLAN
3. Set port 15/1 as a promiscous port
Now, each isolated VLAN can ping the default gateway.
( Since 15/1 is a prmiscous port )
Each port cannot ping other ports on the switch due to
isolated VLANs
All other VLANs ( normal VLANS ) cann communicate with
each of the isolated port the router ( since port 15/1
) is configured as a promiscous port.
Tried it out and works fine. THe key was to set 15/1
as a promiscous port !!!!!
Rgds,
Edward
--- Rich Sena <ras@poppa.thick.net> wrote:
>
> Ed you just need to set a trunk between the
> switches... since everyitng is
> in a private vLAN it will have to be routed traffic
> for any hosts on the
> private segment to intercommunicate - i-e: they will
> have to exchange at a
> router or MSFC - not at layer 2
>
> On Feb 14, 2001 Edward S. Desouza reported:
>
> > Hi Guys,
> > Have any of you implemented Private VLANs on
> the
> > 6500 series CISCO switches ? The documentation is
> > pretty sketchy. I need to do the following :
> >
> >
> >
> >
> > 1.Each Customer that co-locates in my IDC will be
> > given an isolated port on the Primary VLAN ( at
> the
> > access layer )
> >
> > 2. The primary and secondary VLAN's will be
> trunked
> > through the MSFC to the distribution layer ( also
> ) a
> > 6500 series.
> >
> > 3. Now, is where my problem starts. I need to
> assign a
> > promiscuos port on my distribution switch.
> >
> > Once I set up the promiscous port and assign it to
> the
> > primary vlan, do I create another VLAN and enable
> > routing between the two VLANs ( primary vlan and
> the
> > new VLAN ? Even after doing so, othervlans in
> other
> > switch blocks cannot access the isolated ports
> even
> > after passing through the distribution switch.
> >
> >
> > Would really appreciate if any of you guys have
> some
> > sample configs.
> > Rgds,
> > Edward
> >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Get personalized email addresses from Yahoo! Mail
> - only $35
> > a year! http://personal.mail.yahoo.com/
> >
>
> --
> Rich Sena - ras@thick.net
> ThickNET Consulting
> "On the way to understanding; you understand, and
> forget."
>
=====
Edward S. Desouza
23/24 Manali 5,
Evershine Nagar,
Malad (W),
Bombay 400064.
Tel :9122-8886362
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:29 EDT