From: Scott Morris (swm@emanon.com)
Date: Tue Nov 18 2003 - 09:27:36 GMT-3
And why would that be a layer 3 thing only? The VLAN map commands are
designed to work within the SWITCH part (e.g. layer 2 thinking), but
allow you to filter on both L3 and L2 stuff (ip access list or mac
access list). If you apply an ip access list to the vlan interface,
that is not a vlan map, and filters only stuff that passes THROUGH the
SVI, not intra-switch traffic.
But otherwise VLAN maps will work just fine at L2 or L3 if configured as
such.
This could be used to emulate a community VLAN, but would be a bit more
of a pain in the butt to configure. :)
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
CISSP, JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jason Buszta
Sent: Tuesday, November 18, 2003 7:15 AM
To: Henry Chou
Cc: swm@emanon.com; Nick.Jaksec@acs-inc.com; ccielab@groupstudy.com
Subject: RE: PVLAN on 3550
You could always use a VLAN MAP to isolate traffic on the same VLAN, sort
of like Private VLANs on a 3550. Keep in mind though this will only isolate
Layer-3 traffic and NOT Layer-2.
On another note, has anyone tried routing private VLANs across switches?
i.e. You have 4 servers and two switches, and a firewall. 2 servers
plugged into each switch and a connection exists between the switches. All
of the servers are in the same subnet; however, you would like 2 of the
servers to be in 100% isolated layer-2 broadcast domains and the other
two servers in the same community and can talk to each other. All
servers should be able to talk to the PIX firewall in switch a? Is this
possible? I am guessing due to the restriction of communities only on
4000 and above it can be done? I guess you could do it with a 4000 and a
3550 if you grouped them properly with only edge features?
Ideas?
On Mon, 17 Nov 2003, Henry Chou wrote:
> 3550 does not support full PVLAN, meaning you cannot configure community
> ...etc. It only supports PVLAN edge.
>
>
> From: "Scott Morris" <swm@emanon.com>
> To: "'Jaksec, Nick'" <Nick.Jaksec@acs-inc.com>,
> <ccielab@groupstudy.com>
> Subject: RE: PVLAN on 3550
> Date: Mon, 17 Nov 2003 13:12:03 -0500
>
> If you read the release notes for the 3550, you will see that the
> commands are included, but currently have no effect. It's a "pending"
> thing...
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> CISSP, JNCIS, et al. IPExpert CCIE Program Manager
> IPExpert Sr. Technical Instructor
> swm@emanon.com/smorris@ipexpert.net
> http://www.ipexpert.net
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Jaksec, Nick
> Sent: Monday, November 17, 2003 1:09 PM
> To: 'ccielab@groupstudy.com'
> Subject: PVLAN on 3550
>
>
> I notice on a 3550 switch running EMI that it has the PVLAN commands.
> Can this be done even though I see no documentation on Cisco's website
> pertaining to a 3550? I only see it referencing a 4006 or 6500 switch.
> Any thoughts would be appreciated, thanks!
>
This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:13 GMT-3
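
The distinction drawn in the top reply, between a VLAN map and an IP access list applied to the VLAN interface, shown as an added configuration sketch that is not part of the original thread. VLAN 100, the ACL and map names, and the 192.0.2.x / 0000.5e00.53xx addresses are constructed for illustration.

```cisco
! Constructed example: two servers in VLAN 100 must not reach each other,
! but both must still reach the firewall at 192.0.2.1.
!
! In an ACL referenced by a VLAN map, "permit" means "this traffic matches
! the map entry"; the map entry's action decides forward or drop.
ip access-list extended SRV-A-B-IP
 permit ip host 192.0.2.11 host 192.0.2.12
 permit ip host 192.0.2.12 host 192.0.2.11
!
! MAC ACL for the Layer-2 side of the same pair (non-IP frames).
mac access-list extended SRV-A-B-MAC
 permit host 0000.5e00.5311 host 0000.5e00.5312
 permit host 0000.5e00.5312 host 0000.5e00.5311
!
! VLAN map: evaluated on frames switched inside the VLAN,
! not only on traffic routed through the SVI.
vlan access-map SRV-ISOLATE 10
 match ip address SRV-A-B-IP
 action drop
vlan access-map SRV-ISOLATE 20
 match mac address SRV-A-B-MAC
 action drop
! Final entry has no match clause, so everything else
! (including traffic to 192.0.2.1) is forwarded.
vlan access-map SRV-ISOLATE 30
 action forward
!
vlan filter SRV-ISOLATE vlan-list 100
!
! For contrast: this is NOT a VLAN map. Applied to the SVI, it sees only
! packets routed through interface Vlan100, so server-to-server frames
! that stay inside VLAN 100 never hit it.
ip access-list extended SRV-A-B-ROUTED
 deny ip host 192.0.2.11 host 192.0.2.12
 deny ip host 192.0.2.12 host 192.0.2.11
 permit ip any any
interface Vlan100
 ip access-group SRV-A-B-ROUTED in
```

Without the closing `action forward` entry, IP and MAC traffic that matches none of the earlier entries would be dropped, because a map that contains a match clause for a packet type drops unmatched packets of that type by default.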