[c-nsp] Private VLANs for customer isolation on sup720/12.2(33)
Phil Mayers
p.mayers at imperial.ac.uk
Tue Apr 19 10:38:12 EDT 2011
On 19/04/11 15:09, Pavel Skovajsa wrote:
> In order to make use of this design the downstream switches (where you
> connect the customer devices), would need to understand private-vlans in
Well, they don't understand private vlans.
> order to join the primary (downstream) and secondary (upstream) traffic.
> For that to work you would need to allow also the primary vlan on the
> Te1/1 trunk. You would not really need the "private-vlan trunk" feature,
> you can transport them on a normal trunk port (and join them on the
> access switch).
>
> The "private-vlan trunk" feature is useful in a scenario where one port
> (Te1/x) belongs to one customer and you are handing over multiple
> secondary vlans over that port. This seems like is not your case. BTW I
> believe it is supported on latest CatOS...:)
Really? Because the IOS docs for Cat4500 imply that it is used when the
downstream switch does not support private vlans:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/54sg/configuration/guide/pvlans.html#wp1181903
More information about the cisco-nsp
mailing list