The problem with that, Chris, is that you get into the situation where the pix would
not be able to talk to:
- other community vlans (if there are any)
- isolated vlan (if there is one)
If there are no other community vlans or no isolated vlan, then if you are
going to put the pix in the community vlan, then you'd have to question why you
have private vlans in the 1st place, as it would be the same as just
sticking everything in 1 "normal" access vlan.
2009/4/30 Chris Breece <cbreece1_at_gmail.com>
> Would putting the pix in a community vlan with the other hosts do the
> trick?
>
> Chris
>
> On Thu, Apr 30, 2009 at 11:40 AM, Ryan West <rwest_at_zyedge.com> wrote:
>
> > Gary,
> >
> > You'll need one port configured as promiscuous to forward traffic beyond
> > your isolated / community ports. Can you change your PIX port to an access
> > port, configure it as promiscuous and then trunk another interface on the
> > PIX (assuming you want to use dot1q interfaces on the PIX)?
> >
> > -ryan
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> > Gary Braver
> > Sent: Thursday, April 30, 2009 11:24 AM
> > To: ccielab_at_groupstudy.com
> > Subject: Private VLANS without promiscuous port
> >
> > Experts,
> >
> > Been reading / testing private vlans and am stumped on how to make it work
> > when there are no promiscuous ports.
> >
> > Setup is that I have a 3560 switch in transparent mode and it has a trunk
> > connection to a pix firewall. The firewall is the default gateway for the
> > primary vlan so there are no promiscuous ports on the switch.
> >
> > Is this possible?
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

--
Regards
Roy

Received on Thu Apr 30 2009 - 23:32:07 ART
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:13 ART
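
As an added illustration (not part of the original thread), the Python sketch below models the private-VLAN forwarding rules the replies rely on and compares the two PIX placements discussed: as a community port and as a promiscuous port. Host names and the community labels "A"/"B" are constructed, and trunk ports are not modelled.

```python
# Added example: simplified model of private-VLAN layer-2 forwarding rules.
# Port names and the community labels "A"/"B" are constructed for illustration.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Port:
    name: str
    kind: str                      # "promiscuous", "isolated" or "community"
    community: Optional[str] = None


def can_talk(a: Port, b: Port) -> bool:
    """True if frames may pass between two ports of the same primary VLAN."""
    if a.kind == "promiscuous" or b.kind == "promiscuous":
        return True                # promiscuous ports reach every secondary VLAN
    if a.kind == "community" and b.kind == "community":
        return a.community == b.community
    return False                   # isolated<->isolated and isolated<->community


def unreachable_from(gateway: Port, hosts) -> list:
    """Names of hosts the gateway port cannot exchange frames with."""
    return sorted(h.name for h in hosts if not can_talk(gateway, h))


# Constructed sample topology: two community VLANs plus one isolated VLAN.
HOSTS = [
    Port("web1", "community", "A"),
    Port("web2", "community", "A"),
    Port("db1", "community", "B"),
    Port("guest1", "isolated"),
    Port("guest2", "isolated"),
]


def demo() -> dict:
    """Compare the hosts cut off from the PIX under each placement."""
    pix_in_community = Port("pix", "community", "A")
    pix_promiscuous = Port("pix", "promiscuous")
    return {
        "community": unreachable_from(pix_in_community, HOSTS),
        "promiscuous": unreachable_from(pix_promiscuous, HOSTS),
    }


if __name__ == "__main__":
    for placement, cut_off in demo().items():
        print(f"PIX as {placement} port: cannot reach {cut_off or 'nothing'}")
```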