[c-nsp] Private VLAN

Ibrahim Abo Zaid ibrahim.abozaid at gmail.com
Mon Apr 21 10:03:39 EDT 2008


If the number of hosts is great, assigning a pair of private primary and
isolated VLANs to each host will not be scalable at all.

So it would be better to configure a single primary VLAN that serves a group
of community VLANs (one for each host), with not more than 1 host placed
in each community VLAN. Otherwise, if you can group some hosts with matching
communication requirements into a single community VLAN, it would be
better.

I think this is the most feasible solution in my opinion. Do you need the
configuration of this setup?

best regards
--Abo Zaid

On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
>
> Hi Abo Zaid,
>
> I will choose option 2 because I want to separate hosts on layer 2 for
> multiple VLANs, but at the same time they should have the same network and
> same gateway if it is possible.
> It would be great if you can advise me on another scenario.
>
> Regards,
> Manaf
>
> On Mon, Apr 21, 2008 at 4:37 PM, Ibrahim Abo Zaid <
> ibrahim.abozaid at gmail.com> wrote:
>
> >
> > Hi Manaf
> >
> >
> > As you know, a primary VLAN can have only one isolated VLAN but can have
> > multiple community VLANs, so we have 2 options here:
> >
> > 1- make VLANs 200 and 300 isolated VLANs and create another primary VLAN,
> > say 110, so VLAN 200 has VLAN 100 as primary VLAN and VLAN 300 has VLAN 110
> > as primary
> >
> > 2- make either VLAN 200 or 300 isolated and the other community, and both
> > have VLAN 100 as primary VLAN
> >
> > Which one will you choose?
> >
> >
> > best regards
> > --Abo Zaid
> >
> > On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
> > >
> > > Yes, they are on the same switch.
> > >
> > > Thanks a lot.
> > >
> > > On Mon, Apr 21, 2008 at 3:54 PM, Ibrahim Abo Zaid <
> > > ibrahim.abozaid at gmail.com> wrote:
> > >
> > > > Dear Manaf
> > > >
> > > >
> > > > I assume all VLANs are on the same switch. I will prepare a
> > > > configuration template and send it shortly.
> > > >
> > > >
> > > > best luck :)
> > > >
> > > >
> > > > Abo Zaid
> > > >
> > > >
> > > > On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
> > > > >
> > > > > Thank you, Abo Zaid, for the reply.
> > > > >
> > > > > What I want to do is to isolate VLANs on L2 which are sharing
> > > > > the same primary VLAN, and at the same time, the hosts on these isolated
> > > > > VLANs can reach the L3 IP address of the primary VLAN.
> > > > >
> > > > > It is like this:
> > > > >
> > > > >              interface VLAN100
> > > > >                          |
> > > > > -------------VLAN100 (Primary)----------------
> > > > >                          |
> > > > > ---------------------------------------------------------
> > > > >          |                                  |
> > > > > VLAN200 (isolated)     VLAN300 (isolated)
> > > > >
> > > > >
> > > > > On Mon, Apr 21, 2008 at 2:58 PM, Ibrahim Abo Zaid <
> > > > > ibrahim.abozaid at gmail.com> wrote:
> > > > >
> > > > > > Hi Manaf
> > > > > >
> > > > > > What do you mean by reach the global VLAN at L3? Private VLAN provides
> > > > > > L2 isolation and L3 should be transparent. I mean you can keep the hosts' IP
> > > > > > planning, and the routing policy should match the L2 topology after
> > > > > > configuring private VLANs.
> > > > > >
> > > > > > If you added more info about your problem or solution, it'd be
> > > > > > better.
> > > > > >
> > > > > >
> > > > > > best regards
> > > > > > --Abo Zaid
> > > > > >
> > > > > >
> > > > > >
> > > > > >  On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
> > > > > >
> > > > > > > I want to segregate traffic between some VLANs at layer 2
> > > > > > > using private but
> > > > > > > still can reach the global VLAN at layer 3.
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > > > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
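
Added example, not part of the original thread or any poster's configuration:
option 2 from the discussion (VLAN 200 isolated, VLAN 300 community, both under
primary VLAN 100 with one shared gateway on interface Vlan100) in Catalyst IOS
syntax. The port numbers, the 192.0.2.0/24 addressing and the ACL name are
assumptions, and the ACL is an added hardening step not discussed in the thread.

```cisco
! Assumed: Catalyst IOS, ports Gi0/1-3, subnet 192.0.2.0/24 (documentation range).
! With VTP version 1 or 2, private VLANs require transparent mode.
vtp mode transparent
!
vlan 200
 private-vlan isolated
vlan 300
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 200,300
!
! Shared gateway: map both secondary VLANs onto the primary VLAN's SVI.
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
 private-vlan mapping 200,300
 ip access-group PVLAN-NO-HAIRPIN in
!
! Host port in isolated VLAN 200: reaches only promiscuous ports and the SVI.
interface GigabitEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 200
!
! Host ports in community VLAN 300: reach each other and the SVI.
interface range GigabitEthernet0/2 - 3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 300
!
! PVLAN isolation applies to switched frames only. This ACL (assumed name)
! keeps the SVI from routing traffic between hosts in the shared subnet,
! while still allowing them to reach the gateway address and other networks.
ip access-list extended PVLAN-NO-HAIRPIN
 permit ip 192.0.2.0 0.0.0.255 host 192.0.2.1
 deny   ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255
 permit ip any any
```

The result can be checked with "show vlan private-vlan" and
"show interfaces private-vlan mapping".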

