RE: Private vlans & 3550

From: Scott Morris (swm@emanon.com)
Date: Fri Sep 30 2005 - 20:58:41 GMT-3

Only protected ports cannot talk to each other. Anything else works like
normal!

  _____

From: Victor Cappuccio [mailto:cvictor@protokolgroup.com]
Sent: Friday, September 30, 2005 11:54 AM
To: swm@emanon.com
Cc: 'Dennis J. Hartmann'; 'James Matrisciano'; 'Roy Dempsey';
ccielab@groupstudy.com
Subject: Re: Private vlans & 3550

Hi ..

So the anyone connected to to protected port can not talk to any protected
port ?
What about the ports that are connected on the same VLAN without the
configuration of the protected part, can they pass traffic to this protected
ports?

Can you please show us an Example about this in real life

Thanks for the Reply Scott

Saludos desde Venezuela / CYA in the BCamp - BTW do you like coffee
Victor

Scott Morris wrote:

It's "edge" as in, it can't be a trunk port. Consider your entire switch is
in two VLANs, half in VLAN 10 half in VLAN 20. Obviously the two VLANs
won't talk to each other unless you configure routing and SVIs. Beyond
that, INSIDE a VLAN, if we configure certain ports as "switchport protected"
then they will never ever talk to each other on an L2 basis. no unicast,
multicast or broadcast.
 
So the logic really isn't the same as a CE/VRF in the MPLS network. It's
only deployed at the access switch itself. If you had two different
switches involved, it really wouldn't have the same effect. Whereas in
"real" private VLANs the restrictions would follow.
 
HTH,
 
Scott
 

  _____

From: Victor Cappuccio [mailto:cvictor@protokolgroup.com]
Sent: Friday, September 30, 2005 12:55 AM
To: Scott Morris
Cc: 'Dennis J. Hartmann'; 'James Matrisciano'; 'Roy Dempsey';
ccielab@groupstudy.com
Subject: Re: Private vlans & 3550

Quick Question
So only on Edge Ports?

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- --------
--------------------------------
Fa0/2 Desg FWD 19 128.2 Edge P2p

What if are talking dot1q or ISL with another switch ?
or maybe a solution using VRF

What means the term Vlan Edge Ports == It's like a CEdge in MPLS? and this
ports looks like an Interface in a VRF?
Thanks

Scott Morris wrote:

They're listed in the release notes as an impending feature. You can do the

private vlan edge ports "switchport protected" though...

Scott

 

-----Original Message-----

From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of

Dennis J. Hartmann

Sent: Thursday, September 29, 2005 11:54 AM

To: 'James Matrisciano'; 'Roy Dempsey'; ccielab@groupstudy.com

Subject: RE: Private vlans & 3550

        I've been reading this conversation and I wanted to share the fact

that private VLANs are NOT supported in the 3550. The 3560 and 3750 has

private VLAN support, but the 3550 does NOT (according to the feature

navigator www.cisco.com/go/fn and the latest documentation).

Cheers,

Dennis Hartmann

-----Original Message-----

From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of

James Matrisciano

Sent: Thursday, June 02, 2005 12:31 PM

To: Roy Dempsey; ccielab@groupstudy.com

Subject: RE: Private vlans & 3550

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_11/conf

ig/pvlans.htm

jm

-----Original Message-----

From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Roy

Dempsey

Sent: Thursday, June 02, 2005 10:16 AM

To: ccielab@groupstudy.com

Subject: Re: Private vlans & 3550

Sorry, my question should have been clearer. I think Scott may have read

between the lines anyway, and answered my question.

My current understanding is that a subset of private vlans is available and

testable (potected ports) but the full implementation of private vlans

(host, isolated, community etc) is not. The documentation seems to confirm

it, although the 3550s have the commands available.

So, as it stands, I should know protected ports. I'm also going to spend a

few minutes looking at how its implemented in the 3750 so I don't get any

nasty

shocks(http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12220

se/3750scg/swpvlan.htm),

and then I'll move on.

I think this looks like a great feature, BTW. I can think of plenty of

places I could use it.

Thanks all,

Roy

On 6/2/05, ccie2be <mailto:ccie2be@nyc.rr.com> <ccie2be@nyc.rr.com> wrote:

  

Lee,

I don't think private vlan's is available on 3550's although there are

plenty of other port security features.

If you have a link for private vlans on a 3550 could you post it

    

please?

  

TIA, Tim

-----Original Message-----

From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf

    

Of Lee

  

Donald

Sent: Thursday, June 02, 2005 9:13 AM

To: Roy Dempsey; Cisco certification

Subject: RE: Private vlans & 3550

Roy,

It is available and it is fair game.

Start learning it !!!

-----Original Message-----

From: Roy Dempsey [mailto:roy.dempsey@gmail.com]

Sent: 02 June 2005 14:04

To: Cisco certification

Subject: Private vlans & 3550

Hi,

I'm not as clear about IOS versions on switches as I am on routers.

Anyone know if the private vlans feature is available on the 3550's

yet? If not is it likely to be? And if it does become available, does

it become fair game on the lab straight away, or should we get an

announcement? 

--

Regards,

Roy

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:17 GMT-3