[c-nsp] Private VLAN

Manaf Oqlah manafo at gmail.com
Mon Apr 21 10:08:08 EDT 2008 

would you please send me the configuration in brief

thank you

On Mon, Apr 21, 2008 at 5:03 PM, Ibrahim Abo Zaid <ibrahim.abozaid at gmail.com>
wrote:

> if the number of hosts is great , assigning a pair of private primary and
> isolated vlan to each host will be unscalable at all
>
> so it would be better to configure single primary VLAN serves a group
> of community VLANs (each for each host) and not more than 1 host is placed
> in each community VLAN . otherwise if you can group some hosts with matched
> communications requirements into a single community VLAN , it would be
> better
>
> i think this is the most feasible solution from my opinion , do you need
> the configuration of this setup?
>
> best regards
> --Abo Zaid
>
> On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
> >
> > Hi Abo Zaid,
> >
> > I will choose option 2 because i want to separate hosts on layer 2 for
> > multiple VLANs but at the same time they should have the same network and
> > same gateway if it is possible.
> > it would be great if you can advice me with another scenario.
> >
> > Regards,
> > Manaf
> >
> > On Mon, Apr 21, 2008 at 4:37 PM, Ibrahim Abo Zaid <
> > ibrahim.abozaid at gmail.com> wrote:
> >
> > >
> > > Hi Manaf
> > >
> > >
> > > as you know primary VLAN can have one isolated VLAN only but have
> > > multiple community VLANs , so we have 2 options here
> > >
> > > 1- make VLANs 200 and 300 isolated VLANs and create other primary VLAN
> > > say 110 so VLAN 200 has VLAN 100 as primary VLAN and VLAN 300 has VLAN 110
> > > as primary
> > >
> > > 2- make either VLAN 200 or 300 isolated and the other community and
> > > both have the VLAN 100 as primary VLAN
> > >
> > > which one you will choose
> > >
> > >
> > > best regards
> > > --Abo Zaid
> > >
> > > On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
> > > >
> > > > yes they are on the same switch
> > > >
> > > > thanks a lot
> > > >
> > > > On Mon, Apr 21, 2008 at 3:54 PM, Ibrahim Abo Zaid <
> > > > ibrahim.abozaid at gmail.com> wrote:
> > > >
> > > > > Dear Manaf
> > > > >
> > > > >
> > > > > i assume all VLANs on the same switch , i will prepare a
> > > > > configuration template and send it shortly
> > > > >
> > > > >
> > > > > best luck :)
> > > > >
> > > > >
> > > > > Abo Zaid
> > > > >
> > > > >
> > > > > On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
> > > > > >
> > > > > > thank u Abo Zaid for the reply.
> > > > > >
> > > > > > what i want to do is to isolate vlans on L2 which they are
> > > > > > sharing the same primary VLAN, and at the same time, the hosts on these
> > > > > > isolated vlans can reach L3 ip address of the primary VLAN.
> > > > > >
> > > > > > it is like this
> > > > > >
> > > > > >              interface VLAN100
> > > > > >                          |
> > > > > > -------------VLAN100 (Primary)----------------
> > > > > >                          |
> > > > > > ---------------------------------------------------------
> > > > > >          |                                  |
> > > > > > VLAN200 (isolated)     VLAN300 (isolated)
> > > > > >
> > > > > >
> > > > > > On Mon, Apr 21, 2008 at 2:58 PM, Ibrahim Abo Zaid <
> > > > > > ibrahim.abozaid at gmail.com> wrote:
> > > > > >
> > > > > > > Hi Manaf
> > > > > > >
> > > > > > > what do u mean reach global vlan at L3 ? private VLAN provides
> > > > > > > L2 isolation and L3 should be transparent i mean you can keep hosts ip
> > > > > > > planning and routing policy should match with the L2 topolgy after
> > > > > > > configuring private VLANs  .
> > > > > > >
> > > > > > > if you added more info about your problem or solution , it'd
> > > > > > > be better
> > > > > > >
> > > > > > >
> > > > > > > best regards
> > > > > > > --Abo Zaid
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >  On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
> > > > > > >
> > > > > > > > I want to segregate traffic between some VLANs at layer 2
> > > > > > > > using private but
> > > > > > > > still can reach the global vlan at layer 3.
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > > > > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > > > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>

More information about the cisco-nsp mailing list