From: Franck ccie (cciefrank@hotmail.com)
Date: Fri Jan 17 2003 - 12:30:50 GMT-3
I think private Vlan can be used for that .. It allows isolation
between elements on the same primary Vlan ...
Thanks.
>From: "Fadil"
>Reply-To: "Fadil"
>To:
>Subject: Re: Protected switch ports
>Date: Fri, 17 Jan 2003 06:33:56 -0800
>
>Hi
>
>I could not understand how you can convince the router to route the packets
>coming from one interface going back again to the same interface. The router
>will send a redirect. How can you make them communicate with each other?
>Also for example we have two servers connected to the protected ports. One
>has an ip address 1.1.1.1/24 and the other one has 1.1.1.2/24.
>1.1.1.1 wants to send a packet to 1.1.1.2. It will first ARP for that IP.
>And who is gonna reply? Router's proxy arp has no function here since they
>are on the same interface.
>Fadil
>
>----- Original Message -----
>From: "John Tafasi"
>To: "ccielab" ; "Alavalapati, Abhimanyu V."
>Cc:
>Sent: Thursday, January 16, 2003 6:50 PM
>Subject: Re: Protected switch ports
>
> > Well, it might be a good idea to assign all the ISP customers to one IP
> > subnet while separating them at layer 2. But the question is: if customer A,
> > connected to port 1, really needs to communicate with another customer
> > (customer B) that is connected to port 2, how would you make them able to
> > communicate? The excerpt below implies that customer A can only communicate
> > with customer B through a router, but why? They are on the same subnet!!!
> >
> > ----- Original Message -----
> > From: "Alavalapati, Abhimanyu V."
> > To: "'John Tafasi'" ; "ccielab"
> > Sent: Thursday, January 16, 2003 6:45 PM
> > Subject: RE: Protected switch ports
> >
> > > Was designed for ISP's where they did not want to burn up a subnet per
> > > customer, so they had all their customers on one logical subnet and
> > > separated them at layer 2. We do this in our extranet environment,
> > >
> > > -----Original Message-----
> > > From: John Tafasi [mailto:johntafasi@yahoo.com]
> > > Sent: Thursday, January 16, 2003 4:45 PM
> > > To: ccielab
> > > Subject: Protected switch ports
> > >
> > > Hi, group,
> > >
> > > The following is an excerpt from the ipexpert catalyst 3550 tutorial.
> > > Although the configuration is very simple and understandable, I cannot
> > > imagine a situation where you would want to deny two hosts in the same
> > > lan from seeing each other. Can someone give an example of a situation
> > > where you would want to configure protected ports?
> > >
> > > Thanks
> > >
> > > =============================
> > >
> > > Protected Ports (Similar to Private VLANs)
> > >
> > > Some applications require that no traffic be forwarded between ports on
> > > the same switch so that one neighbor does not see the traffic generated
> > > by another neighbor. In such an environment, the use of protected ports
> > > ensures that there is no exchange of unicast, broadcast, or multicast
> > > traffic between these ports on the switch.
> > >
> > > Protected ports have these features:
> > >
> > > A protected port does not forward any traffic (unicast, multicast, or
> > > broadcast) to any other port that is also a protected port. Traffic
> > > cannot be forwarded between protected ports at Layer 2; all traffic
> > > passing between protected ports must be forwarded through a Layer 3
> > > device.
> > >
> > > Forwarding behavior between a protected port and a nonprotected port
> > > proceeds as usual.
> > >
> > > Switch# configure terminal
> > > Switch(config)# interface gigabitethernet0/1
> > > Switch(config-if)# switchport protected
> > > Switch(config-if)# end
> > >
> > > You can also disable unknown multicasts and unicasts from being flooded
> > > to a protected port with the "switchport block unicast," and
> > > "switchport block multicast" commands.
>
>__________________________________________________________________
>To unsubscribe from the CCIELAB list, send a message to
>majordomo@groupstudy.com with the body containing:
>unsubscribe ccielab
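Added example, not part of the thread or of the quoted tutorial: a simplified Python model of the Layer 2 forwarding rule the excerpt describes, applied to the case raised in the thread (two servers on protected ports, a router on a nonprotected port). Port names, MAC addresses and all class and function names are constructed for illustration, and treating every multicast and every unlearned unicast as "unknown" is an assumption of the model.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Port:
    name: str
    protected: bool = False        # "switchport protected"
    block_unicast: bool = False    # "switchport block unicast"
    block_multicast: bool = False  # "switchport block multicast"

def is_multicast(mac):
    # Group bit set in the first octet, broadcast excluded.
    return mac != BROADCAST and int(mac.split(":")[0], 16) & 1 == 1

class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.mac_table = {}  # learned source MAC -> port name

    def forward(self, ingress, src, dst):
        """Return the sorted egress port names for one frame (simplified model)."""
        self.mac_table[src] = ingress
        known = None if dst == BROADCAST else self.mac_table.get(dst)
        flooded = known is None
        egress = []
        for name, port in self.ports.items():
            if name == ingress or (not flooded and name != known):
                continue
            # Protected ports never exchange frames at Layer 2.
            if self.ports[ingress].protected and port.protected:
                continue
            if flooded and is_multicast(dst) and port.block_multicast:
                continue
            if (flooded and dst != BROADCAST and not is_multicast(dst)
                    and port.block_unicast):
                continue
            egress.append(name)
        return sorted(egress)

def build_lab():
    # Constructed topology: servers on Gi0/1 and Gi0/2 (protected), router on Gi0/3.
    return Switch([Port("Gi0/1", protected=True, block_unicast=True),
                   Port("Gi0/2", protected=True),
                   Port("Gi0/3")])

if __name__ == "__main__":
    sw = build_lab()
    A, R = "00:00:00:00:00:0a", "00:00:00:00:00:0c"  # constructed MACs
    print("ARP broadcast from server A reaches:", sw.forward("Gi0/1", A, BROADCAST))
    print("Broadcast from the router reaches:", sw.forward("Gi0/3", R, BROADCAST))
```

In this model an ARP broadcast from the server on Gi0/1 is delivered only to the router port, so the server on Gi0/2 never sees the request.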
This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:52 GMT-3