[c-nsp] Private VLAN questions.
Matthew Crocker
matthew at crocker.com
Thu Aug 4 13:51:19 EDT 2005
> Why not put the schools on their own VLAN and configure the DSLAM
> to not filter ARP/to fully bridge for that VLAN.
All schools are in the same VLAN, they share applications and have
inter-school and inter-school-district traffic. The DSLAM is
currently configured to fully bridge the traffic but that opens up
issues when a mis-informed school IT director (you know the type,
the physics teacher that knows where the power is) mis-configures
their firewall and steps all over the default gateway. I have the
schools all working but had an outage where one school took down
another school because they started ARPing for the wrong IP
addresses. Private VLAN will protect against that. I'm trying to
avoid hard coding ARP tables in the school firewalls which are a mix
of home-brew Linux, SonicWall and Novell Border Manager.
-Matt
--
Matthew S. Crocker
Vice President
Crocker Communications, Inc.
Internet Division
PO BOX 710
Greenfield, MA 01302-0710
http://www.crocker.com
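
Added example, not part of the original message: a small detector for the failure described above, where a host on a fully bridged VLAN answers ARP for the default gateway's address. The capture lines are constructed and only modelled on `tcpdump -e -n arp` output; the addresses, `GATEWAY_IP`, `GATEWAY_MAC` and the function names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed capture lines modelled on `tcpdump -e -n arp` output.
# All addresses are documentation values, not taken from the post.
SAMPLE = """\
13:50:01.10 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Reply 192.0.2.1 is-at 00:00:5e:00:53:01, length 46
13:50:02.20 00:00:5e:00:53:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.10, length 46
13:50:03.30 00:00:5e:00:53:0b > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.10 tell 192.0.2.20, length 46
13:50:04.40 00:00:5e:00:53:0b > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Reply 192.0.2.1 is-at 00:00:5e:00:53:0b, length 46
"""
GATEWAY_IP = "192.0.2.1"            # assumed default gateway address
GATEWAY_MAC = "00:00:5e:00:53:01"   # assumed MAC of the real gateway

MAC = r"[0-9a-f:]{17}"
LINE_RE = re.compile(
    rf"^\S+ (?P<src>{MAC}) > \S+ ethertype ARP .*?"
    rf"(?:Reply (?P<rip>[\d.]+) is-at (?P<rmac>{MAC})"
    rf"|Request who-has [\d.]+ tell (?P<qip>[\d.]+))",
    re.IGNORECASE,
)

def arp_bindings(lines):
    """Map each claimed sender IP to the set of MACs seen claiming it."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ARP line in the expected shape
        if m["rip"]:
            # A reply states the binding explicitly.
            seen[m["rip"]].add(m["rmac"].lower())
        else:
            # A request advertises the sender's own binding; this assumes
            # the ARP sender hardware address equals the frame source MAC.
            seen[m["qip"]].add(m["src"].lower())
    return seen

def conflicts(lines, gateway_ip, gateway_mac):
    """Return {ip: sorted MACs} for IPs claimed by more than one MAC,
    or for the gateway IP claimed by anything but the expected MAC."""
    out = {}
    for ip, macs in arp_bindings(lines).items():
        if len(macs) > 1 or (ip == gateway_ip and macs != {gateway_mac.lower()}):
            out[ip] = sorted(macs)
    return out

if __name__ == "__main__":
    print(conflicts(SAMPLE.splitlines(), GATEWAY_IP, GATEWAY_MAC))
```
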