From: Akhtar Rasool (akhtar.samo@gmail.com)
Date: Wed Jun 18 2008 - 05:01:40 ART
Hi,
I am planning to use private VLANs for customer webservers in the DMZ, and the
CAT6509 has an L2 trunk (port channel) to a non-Cisco firewall. Since there is
a limitation not to configure private VLANs using LACP/EtherChannel, how
would I define a promiscuous port in this scenario so that private VLAN to
primary VLAN translation could happen?
In this case, would L3 switching happen b/w private VLANs?
Any help & best practice suggestions would be appreciated.
**************************************************************************************
vlan 500
 name WEB-H_Community
 private-vlan community
vtp mode transparent
interface GigabitEthernet2/6
 description ***** Web hosting Windows *****
 switchport
 switchport private-vlan host-association 256 500
 switchport mode private-vlan host
 no ip address
 spanning-tree portfast
!
C6509#show vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
256     500       community         Gi2/6
****************************************************************************
(CAT6509)<----L2 Trunk + Port Channel------->(non-Cisco FW w/ L3 interface)
Regards,
Akhtar
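
An added example, not part of the original post: a small Python check over the pasted configuration that lists which private-VLAN pieces the snippet does not show (a primary VLAN definition with its association, and a promiscuous port mapping). The sample text is constructed from the post's own lines; `parse` and `audit` are hypothetical helper names, and only comma-separated VLAN lists are handled.

```python
import re
# Constructed sample: the private-VLAN lines from the post, indented as IOS prints them.
SAMPLE_CONFIG = """\
vlan 500
 private-vlan community
!
interface GigabitEthernet2/6
 switchport private-vlan host-association 256 500
 switchport mode private-vlan host
"""

def parse(config):
    """Collect private-VLAN settings per VLAN and per interface from config text."""
    vlans, ifaces, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"vlan (\d+)$", line):
            cur = vlans.setdefault(int(m[1]), {"type": None, "assoc": set()})
        elif m := re.match(r"interface (\S+)$", line):
            cur = ifaces.setdefault(m[1], {"mode": None, "host": None, "mapping": None})
        elif line == "!" or cur is None:
            cur = None  # "!" closes the current block; skip lines outside any block
        elif m := re.match(r"private-vlan (primary|community|isolated)$", line):
            cur["type"] = m[1]
        elif m := re.match(r"private-vlan association ([\d,]+)$", line):
            cur["assoc"] = cur.get("assoc", set()) | {int(v) for v in m[1].split(",")}
        elif m := re.match(r"switchport mode private-vlan (host|promiscuous)$", line):
            cur["mode"] = m[1]
        elif m := re.match(r"switchport private-vlan host-association (\d+) (\d+)$", line):
            cur["host"] = (int(m[1]), int(m[2]))
        elif m := re.match(r"switchport private-vlan mapping (\d+) ([\d,]+)$", line):
            cur["mapping"] = (int(m[1]), {int(v) for v in m[2].split(",")})
    return vlans, ifaces

def audit(config):
    """Return findings for host ports whose primary VLAN or promiscuous mapping is absent."""
    vlans, ifaces = parse(config)
    hosts = [(n, i["host"]) for n, i in ifaces.items() if i["mode"] == "host" and i["host"]]
    mapped = [p["mapping"] for p in ifaces.values() if p["mode"] == "promiscuous" and p["mapping"]]
    findings = []
    for name, (pri, sec) in hosts:
        if vlans.get(pri, {}).get("type") != "primary":
            findings.append(f"{name}: VLAN {pri} is not defined as private-vlan primary")
        elif sec not in vlans[pri]["assoc"]:
            findings.append(f"{name}: VLAN {sec} is not associated with primary {pri}")
        if not any(m[0] == pri and sec in m[1] for m in mapped):
            findings.append(f"{name}: no promiscuous port maps {pri} to {sec}")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports findings only against the text it is given, so a primary VLAN that exists on the switch but was left out of the paste is still listed as missing.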