[c-nsp] Secondary VLAN deployment on Metro ETTH

Pavel Skovajsa pavel.skovajsa at gmail.com
Wed Nov 25 06:17:09 EST 2009


Hi,

Yes, that is right: UNI ports can't talk to each other, but only within one
ME3400 switch. If you have more switches and want exactly the same
"switchport protected" functionality on all of them, one solution is to
implement PVLANs.

See
http://www.rfc-editor.org/internet-drafts/draft-sanjib-private-vlan-10.txt for
example.

In my opinion this is a nice feature, but its implementation details are too
hidden from the engineer (similar to CBWFQ, for example), so you can only
"trust" that it works and don't have too many options for troubleshooting.

We are forced to separate the end customers on our Metro ISP network due to
an incident where one customer decided it is a good idea to start flooding
nonsense into our L2 segment. PVLAN sounded like a nice solution, but given
the issues below I am open to suggestions on how to separate customers on L2.

-pavel

On Wed, Nov 25, 2009 at 11:43 AM, Asbjorn Hojmark - Lists <lists at hojmark.org> wrote:

> On Wed, 25 Nov 2009 11:09:12 +0100, you wrote:
>
> > Probably I do not have luck for proper audience for the questions below,
> > whatever the case I have begun to test the Private VLAN deployment, and
> > ran into a strange packet drop issue.
> >
> > The test topology is simple:  C7606 Gi1/22 -----fiber-----> Gi0/1
> > ME3400-24TS-A -> Fa0/3 client PC
>
> Why do you want to run PVLAN on the 3400? UNI ports already can't talk
> to each other.
>
> -A
>

