If there aren't promiscuous ports, who are you going to talk to?
Ports in isolated VLANs can't talk to anyone. Ports in Community VLANs
can only talk within their community.
Even if you don't have an IP address on the SVI, I think you would still
need to put the SVI into promiscuous mode in order to get the hosts to
be able to talk to the trunk port on the PIX.
HTH,
Scott Morris, CCIE x4 (R&S/ISP-Dial/Security/Service Provider) #4713,
JNCIE-M #153, JNCIS-ER, CISSP, et al.
JNCI-M, JNCI-ER
smorris_at_internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
Knowledge is power.
Power corrupts.
Study hard and be Eeeeviiiil......
Gary Braver wrote:
> Experts.
>
> Been reading / testing private VLANs and am stumped on how to make them work when
> there are no promiscuous ports.
>
> Setup is that I have a 3560 switch in transparent mode and it has a trunk
> connection to a PIX firewall. The firewall is the default gateway for the
> primary VLAN so there are no promiscuous ports on the switch.
>
> Is this possible?
Received on Thu Apr 30 2009 - 11:39:09 ART