Re: Private vlans & 3550

From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Fri Sep 30 2005 - 12:54:11 GMT-3


Hi ..

So anyone connected to a protected port cannot talk to any
protected port?
What about the ports that are connected on the same VLAN without the
configuration of the protected part, can they pass traffic to these
protected ports?

Can you please show us an example of this in real life?

Thanks for the Reply Scott

Greetings from Venezuela / CYA in the BCamp - BTW do you like coffee
Victor

Scott Morris wrote:

> It's "edge" as in, it can't be a trunk port. Consider your entire
> switch is in two VLANs, half in VLAN 10 half in VLAN 20. Obviously
> the two VLANs won't talk to each other unless you configure routing
> and SVIs. Beyond that, INSIDE a VLAN, if we configure certain ports
> as "switchport protected" then they will never ever talk to each other
> on an L2 basis. No unicast, multicast or broadcast.
>
> So the logic really isn't the same as a CE/VRF in the MPLS network.
> It's only deployed at the access switch itself. If you had two
> different switches involved, it really wouldn't have the same effect.
> Whereas in "real" private VLANs the restrictions would follow.
>
> HTH,
>
> Scott
>
>
> ------------------------------------------------------------------------
> *From:* Victor Cappuccio [mailto:cvictor@protokolgroup.com]
> *Sent:* Friday, September 30, 2005 12:55 AM
> *To:* Scott Morris
> *Cc:* 'Dennis J. Hartmann'; 'James Matrisciano'; 'Roy Dempsey';
> ccielab@groupstudy.com
> *Subject:* Re: Private vlans & 3550
>
> Quick Question
> So only on Edge Ports?
>
> Interface        Role Sts Cost      Prio.Nbr Type
> ---------------- ---- --- --------- -------- --------------------------------
> Fa0/2            Desg FWD 19        128.2    Edge P2p
>
> What if we are talking dot1q or ISL with another switch?
> Or maybe a solution using VRF?
>
> What does the term VLAN Edge Ports mean? Is it like a CEdge in MPLS, and
> do these ports look like an interface in a VRF?
> Thanks
>
>
> Scott Morris wrote:
>
>>They're listed in the release notes as an impending feature. You can do the
>>private vlan edge ports "switchport protected" though...
>>
>>Scott
>>
>>
>>-----Original Message-----
>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>Dennis J. Hartmann
>>Sent: Thursday, September 29, 2005 11:54 AM
>>To: 'James Matrisciano'; 'Roy Dempsey'; ccielab@groupstudy.com
>>Subject: RE: Private vlans & 3550
>>
>> I've been reading this conversation and I wanted to share the fact
>>that private VLANs are NOT supported in the 3550. The 3560 and 3750 have
>>private VLAN support, but the 3550 does NOT (according to the feature
>>navigator www.cisco.com/go/fn and the latest documentation).
>>
>>Cheers,
>>Dennis Hartmann
>>
>>-----Original Message-----
>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>James Matrisciano
>>Sent: Thursday, June 02, 2005 12:31 PM
>>To: Roy Dempsey; ccielab@groupstudy.com
>>Subject: RE: Private vlans & 3550
>>
>>http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_11/config/pvlans.htm
>>
>>
>>jm
>>
>>
>>-----Original Message-----
>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Roy
>>Dempsey
>>Sent: Thursday, June 02, 2005 10:16 AM
>>To: ccielab@groupstudy.com
>>Subject: Re: Private vlans & 3550
>>
>>Sorry, my question should have been clearer. I think Scott may have read
>>between the lines anyway, and answered my question.
>>
>>My current understanding is that a subset of private vlans is available and
>>testable (protected ports) but the full implementation of private vlans
>>(host, isolated, community etc) is not. The documentation seems to confirm
>>it, although the 3550s have the commands available.
>>
>>So, as it stands, I should know protected ports. I'm also going to spend a
>>few minutes looking at how it's implemented in the 3750 so I don't get any
>>nasty shocks
>>(http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12220se/3750scg/swpvlan.htm),
>>and then I'll move on.
>>
>>I think this looks like a great feature, BTW. I can think of plenty of
>>places I could use it.
>>
>>Thanks all,
>>Roy
>>
>>On 6/2/05, ccie2be <ccie2be@nyc.rr.com> wrote:
>>
>>>Lee,
>>>
>>>I don't think private vlan's is available on 3550's although there are
>>>plenty of other port security features.
>>>
>>>If you have a link for private vlans on a 3550 could you post it
>>>please?
>>>
>>>TIA, Tim
>>>
>>>-----Original Message-----
>>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>>>Of Lee Donald
>>>Sent: Thursday, June 02, 2005 9:13 AM
>>>To: Roy Dempsey; Cisco certification
>>>Subject: RE: Private vlans & 3550
>>>
>>>Roy,
>>>
>>>It is available and it is fair game.
>>>
>>>Start learning it !!!
>>>
>>>
>>>
>>>-----Original Message-----
>>>From: Roy Dempsey [mailto:roy.dempsey@gmail.com]
>>>Sent: 02 June 2005 14:04
>>>To: Cisco certification
>>>Subject: Private vlans & 3550
>>>
>>>Hi,
>>>
>>>I'm not as clear about IOS versions on switches as I am on routers.
>>>
>>>Anyone know if the private vlans feature is available on the 3550's
>>>yet? If not is it likely to be? And if it does become available, does
>>>it become fair game on the lab straight away, or should we get an
>>>announcement?
>>>
>>>--
>>>Regards,
>>>Roy
>>>
>>>_______________________________________________________________________
>>>Subscription information may be found at:
>>>http://www.groupstudy.com/list/CCIELab.html
>>
>>--
>>Regards,
>>Roy



This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:17 GMT-3
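
A small model of the behaviour Scott describes in the thread, added here as an example and not part of the original messages: it parses `switchport protected` from two switch configs and reports which same-VLAN port pairs are blocked at L2. The configs are constructed samples, the function names are hypothetical, and the two switches are assumed to be joined by a trunk carrying VLAN 10.

```python
import re
from itertools import combinations

# Constructed sample configs (not from the thread). Assumption: sw1 and sw2
# are joined by a trunk that carries VLAN 10.
SW1 = """
interface FastEthernet0/1
 switchport access vlan 10
 switchport protected
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport protected
!
interface FastEthernet0/3
 switchport access vlan 10
"""
SW2 = """
interface FastEthernet0/1
 switchport access vlan 10
 switchport protected
"""

def parse_ports(switch, config):
    """Return {(switch, ifname): {"vlan": int, "protected": bool}}."""
    ports, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            # Access ports default to VLAN 1 and are unprotected.
            cur = ports.setdefault((switch, m.group(1)),
                                   {"vlan": 1, "protected": False})
        elif cur is not None and (m := re.match(r"\s+switchport access vlan (\d+)", line)):
            cur["vlan"] = int(m.group(1))
        elif cur is not None and line.strip() == "switchport protected":
            cur["protected"] = True
    return ports

def l2_reachable(ports, a, b):
    """Protected-to-protected is blocked only when both ports are on one switch."""
    pa, pb = ports[a], ports[b]
    if pa["vlan"] != pb["vlan"]:
        return False  # different VLANs need routing, outside this model
    same_switch = a[0] == b[0]
    return not (same_switch and pa["protected"] and pb["protected"])

def blocked_pairs(ports):
    """Same-VLAN port pairs that cannot exchange L2 traffic."""
    return [(a, b) for a, b in combinations(sorted(ports), 2)
            if ports[a]["vlan"] == ports[b]["vlan"] and not l2_reachable(ports, a, b)]
```

With these samples only sw1 Fa0/1 and Fa0/2 are isolated from each other: the unprotected Fa0/3 still reaches both, and the protected port on sw2 reaches the protected ports on sw1 because the setting is enforced per switch.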