[c-nsp] Private VLAN

Pedro Matusse pmatusse at tdm.mz
Mon Apr 21 10:38:33 EDT 2008


Thanks

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Ibrahim Abo Zaid
Sent: Monday, April 21, 2008 4:13 PM
To: Manaf Oqlah
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Private VLAN

 Hi Manaf and Pedro

Currently I am preparing the configuration and will feed you shortly


best regards
--Abo Zaid



On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
>
> would you please send me the configuration in brief
>
> thank you
>
> On Mon, Apr 21, 2008 at 5:03 PM, Ibrahim Abo Zaid <
> ibrahim.abozaid at gmail.com> wrote:
>
> > if the number of hosts is great, assigning a pair of private primary
> > and isolated VLANs to each host will not be scalable at all
> >
> > so it would be better to configure a single primary VLAN that serves a
> > group of community VLANs (one for each host), with not more than 1 host
> > placed in each community VLAN. otherwise, if you can group some hosts with
> > matching communication requirements into a single community VLAN, it
> > would be better
> >
> > I think this is the most feasible solution in my opinion, do you need
> > the configuration of this setup?
> >
> > best regards
> > --Abo Zaid
> >
> > On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
> > >
> > > Hi Abo Zaid,
> > >
> > > I will choose option 2 because I want to separate hosts on layer 2 for
> > > multiple VLANs but at the same time they should have the same network
> > > and same gateway if it is possible.
> > > It would be great if you can advise me with another scenario.
> > >
> > > Regards,
> > > Manaf
> > >
> > > On Mon, Apr 21, 2008 at 4:37 PM, Ibrahim Abo Zaid <
> > > ibrahim.abozaid at gmail.com> wrote:
> > >
> > > >
> > > > Hi Manaf
> > > >
> > > >
> > > > as you know, a primary VLAN can have only one isolated VLAN but can
> > > > have multiple community VLANs, so we have 2 options here
> > > >
> > > > 1- make VLANs 200 and 300 isolated VLANs and create another primary
> > > > VLAN, say 110, so VLAN 200 has VLAN 100 as primary VLAN and VLAN 300
> > > > has VLAN 110 as primary
> > > >
> > > > 2- make either VLAN 200 or 300 isolated and the other community and
> > > > both have the VLAN 100 as primary VLAN
> > > >
> > > > which one will you choose?
> > > >
> > > >
> > > > best regards
> > > > --Abo Zaid
> > > >
> > > > On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
> > > > >
> > > > > yes they are on the same switch
> > > > >
> > > > > thanks a lot
> > > > >
> > > > > On Mon, Apr 21, 2008 at 3:54 PM, Ibrahim Abo Zaid <
> > > > > ibrahim.abozaid at gmail.com> wrote:
> > > > >
> > > > > > Dear Manaf
> > > > > >
> > > > > >
> > > > > > I assume all VLANs are on the same switch, I will prepare a
> > > > > > configuration template and send it shortly
> > > > > >
> > > > > >
> > > > > > best luck :)
> > > > > >
> > > > > >
> > > > > > Abo Zaid
> > > > > >
> > > > > >
> > > > > > On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
> > > > > > >
> > > > > > > thank you Abo Zaid for the reply.
> > > > > > >
> > > > > > > what I want to do is to isolate VLANs on L2 which are
> > > > > > > sharing the same primary VLAN, and at the same time, the hosts
> > > > > > > on these isolated VLANs can reach the L3 IP address of the
> > > > > > > primary VLAN.
> > > > > > >
> > > > > > > it is like this
> > > > > > >
> > > > > > >             interface VLAN100
> > > > > > >                     |
> > > > > > > ------------VLAN100 (Primary)------------
> > > > > > >                     |
> > > > > > >         -------------------------
> > > > > > >         |                       |
> > > > > > > VLAN200 (isolated)     VLAN300 (isolated)
> > > > > > >
> > > > > > >
> > > > > > > On Mon, Apr 21, 2008 at 2:58 PM, Ibrahim Abo Zaid <
> > > > > > > ibrahim.abozaid at gmail.com> wrote:
> > > > > > >
> > > > > > > > Hi Manaf
> > > > > > > >
> > > > > > > > what do you mean by reach the global VLAN at L3? private VLAN
> > > > > > > > provides L2 isolation and L3 should be transparent, I mean
> > > > > > > > you can keep the hosts' IP planning, and routing policy should
> > > > > > > > match with the L2 topology after configuring private VLANs.
> > > > > > > >
> > > > > > > > if you added more info about your problem or solution, it'd
> > > > > > > > be better
> > > > > > > >
> > > > > > > >
> > > > > > > > best regards
> > > > > > > > --Abo Zaid
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >  On 4/21/08, Manaf Oqlah <manafo at gmail.com> wrote:
> > > > > > > >
> > > > > > > > > I want to segregate traffic between some VLANs at layer 2
> > > > > > > > > using private but
> > > > > > > > > still can reach the global vlan at layer 3.
> > > > > > > > >
> > > > > > > > > _______________________________________________
> > > > > > > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > > > > > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > > > > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
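
A sketch of option 2 from the thread (VLAN 100 primary with an SVI as the shared gateway, VLAN 200 isolated, VLAN 300 community), added here as an example; it is not the configuration Abo Zaid promised and was not posted by any participant. It assumes a Catalyst IOS switch that supports private VLANs; the interface names and the IP address are placeholders.

```cisco
! Added example, not from the thread. Interface names and the
! 192.0.2.0/24 addressing are placeholders (assumptions).
! Private VLANs require VTP transparent mode under VTP v1/v2.
vtp mode transparent
!
vlan 200
 private-vlan isolated
!
vlan 300
 private-vlan community
!
! Primary VLAN: bind both secondary VLANs to it
vlan 100
 private-vlan primary
 private-vlan association 200,300
!
! Layer 3 gateway shared by hosts in VLAN 200 and VLAN 300.
! Without the mapping, secondary-VLAN hosts cannot reach the SVI.
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
 private-vlan mapping 200,300
!
! Host port in the isolated VLAN: can reach only promiscuous
! ports and the SVI, not other hosts in VLAN 200 or VLAN 300
interface GigabitEthernet0/1
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
!
! Host port in the community VLAN: can also reach other
! ports that are in VLAN 300
interface GigabitEthernet0/2
 switchport private-vlan host-association 100 300
 switchport mode private-vlan host
!
! Optional promiscuous port (e.g. toward a shared server or
! an external router) that every secondary VLAN can reach
interface GigabitEthernet0/24
 switchport private-vlan mapping 100 200,300
 switchport mode private-vlan promiscuous
```

`show vlan private-vlan` and `show interfaces GigabitEthernet0/1 switchport` confirm the primary/secondary association and the port mode. For the one-host-per-community-VLAN layout suggested later in the thread, repeat the community VLAN stanza per host and extend the association and mapping lists accordingly.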