[c-nsp] PVLAN

Mathias.Kenfack-Tabakem at TelecityRedbus.com
Thu Jun 29 04:16:32 EDT 2006


Ok. Let's say I have two providers (p1 and p2) connected to my peering LAN
and they both peer with me. Since this is a LAN segment they can
exchange traffic either by mistake or just configuring a route-map to
set the next-hop. I believe the best way to stop this is at layer two.
Remember that all these providers connect to me on the same vlan.

	p1	p2
	|	|
	|	|
	|	|
	|	|access vlan 3(should only allow p2 mac and me mac)
	--------- 
	    |	LAN segment
	    |
	    |
	    me (interface vlan 3) - this is the 7609 box

On p1, access vlan 3 (should only allow p1 mac and me mac)

Currently there is no traffic between p1 and p2 through me and there should
never be, but that could change and I don't want to find myself in that
situation.

Thanks in advance.
Mathias,

-----Original Message-----
From: Asbjorn Hojmark - Lists [mailto:lists at hojmark.org] 
Sent: Wednesday, June 28, 2006 6:41 PM
To: Mathias Kenfack-Tabakem (LON)
Cc: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] PVLAN

>> What are you trying to achieve with that MAC filter? 

> I am trying to stop my carriers or transit customers dumping
> unwanted traffic on my peering LAN.

What do you mean "unwanted"? Like AppleTalk or IPX?
What *exactly* would you be filtering with it?


> By having a mac acl I control at layer2 the flow of traffic.

I know what MAC ACLs do. I don't see how that applies to what
you're describing. There may well be better solutions for the
problem you're trying to solve.

-A
