RE: Private VLANs and routers

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Tue Oct 31 2006 - 22:44:48 ART


Mike,
        Cisco isn't going to list out in detail each and everything they
will cover. If you look at each section in the blueprint Cisco usually
leaves themselves some sort of "and everything else" clause.

        As far as private VLANs go the 3560's are being added and they
support private VLANs so you should at least know the basics.

HTH,
 
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
 
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

 
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mike O
Sent: Tuesday, October 31, 2006 11:27 AM
To: adhu_ajit@yahoo.com; Petr Lapukhov; ccielab@groupstudy.com
Subject: Re: Private VLANs and routers

Are private VLANs on the blueprint? Or is that considered "advanced
configuration"?

>From: Adhu Ajit <adhu_ajit@yahoo.com>
>Reply-To: Adhu Ajit <adhu_ajit@yahoo.com>
>To: Petr Lapukhov <petr@internetworkexpert.com>, ccielab@groupstudy.com
>Subject: Re: Private VLANs and routers
>Date: Tue, 31 Oct 2006 09:52:24 -0800 (PST)
>
>Petr, you are right. All the VLANs are actually part of the same subnet and
>same primary VLAN. What was I thinking when I wrote my first email ??!!
>
> So the router port will just behave as a regular Ethernet interface
>without any trunks terminating on it. The promiscuous switch port will just
>be an access port on the primary VLAN.
>
> Thanks for the clarification.
>
>Petr Lapukhov <petr@internetworkexpert.com> wrote:
> No, you just configure router link as an "access" link in VLAN 100
>(primary).
>You don't need any subinterfaces, and no tagged frames should reach the
>router.
>
>Remember, all nodes share *same* subnet, and *same* primary VLAN
>in essence. It's just level 2 that makes difference, though this is transparent
>to end devices (in sense they don't see "additional" VLANs)
>
>interface fa x/y
> description == Link to router
> switchport mode private-vlan promiscuous
> switchport private-vlan mapping 100 add 10,20,30
>
>You only need trunks to transport private VLANs between switches.
>
>HTH
>
> 2006/10/31, Adhu Ajit <adhu_ajit@yahoo.com>: Folks, let's say that
>VLANs 10 and 30 are community VLANs and VLAN 20 is an isolated VLAN. They
>all use VLAN 100 as the main VLAN to reach the router. (In other words, the
>promiscuous port on the switch is part of VLAN 100 and VLANs 10, 20 and 30
>are mapped to 100)
>
> When I configure the dot1q trunk interface on the router, I'm assuming
>that I would create one sub-interface each for VLAN 10, 20, 30 and 100.
>
> Any caveats/gotchas that I should know about ?
>
> Thanks in advance.
>
>
>
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>--
>Petr Lapukhov, CCIE #16379
>petr@internetworkexpert.com
>
>Internetwork Expert, Inc.
>http://www.InternetworkExpert.com
>Toll Free: 877-224-8987
>Outside US: 775-826-4344
>
>


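The design discussed in this thread, written out end to end as an added example (it is not part of the original messages): primary VLAN 100, community VLANs 10 and 30, isolated VLAN 20, and the router attached to an untagged promiscuous port. The interface numbers and the 192.0.2.0/24 addressing are assumptions made for illustration; the VLAN numbers and roles are the ones given in the thread.

```cisco
! ===== Switch (e.g. Catalyst 3560) =====
! Private VLANs require VTP transparent mode under VTP v1/v2.
vtp mode transparent
!
! Secondary VLANs: 10 and 30 are community, 20 is isolated.
vlan 10
 private-vlan community
vlan 20
 private-vlan isolated
vlan 30
 private-vlan community
!
! Primary VLAN and its association with the secondaries.
vlan 100
 private-vlan primary
 private-vlan association 10,20,30
!
! Host port in community VLAN 10 (interface number assumed).
interface FastEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 10
!
! Host port in isolated VLAN 20 (interface number assumed).
interface FastEthernet0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 20
!
! Promiscuous port facing the router: untagged, no trunk.
! The secondary VLAN list must not contain spaces.
interface FastEthernet0/24
 description Link to router
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 10,20,30
!
! ===== Router =====
! Plain routed interface: no subinterfaces, no dot1q encapsulation.
! All hosts in VLANs 10, 20 and 30 use this one address as gateway
! because they share a single subnet (address is an assumption).
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no shutdown
```

On the switch, `show vlan private-vlan` and `show interfaces FastEthernet0/24 switchport` confirm the association and the promiscuous mapping.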

This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:07 ART