Re: Private VLANS without promiscuous port from Chris Breece on 2009-04-30 (Ccielab archives 04/2009)

From: Chris Breece <cbreece1_at_gmail.com>
Date: Thu, 30 Apr 2009 19:50:26 -0400

Yea, labs can make you do crazy things for no good reason tho :P

Chris

On Thu, Apr 30, 2009 at 6:32 PM, Roy Waterman <roy.waterman_at_gmail.com>wrote:

> The problem with that Chris is that you get into the situation the pix
> would not be able to talk to:
>
> - other community vlans (if there are any)
> - isolated vlan (if there is one)
>
>
> If there are no other community vlans or no isolated vlan, then if you are
> going to put the pix in the community vlan, then ud have to question why you
> have private vlans in the 1st place, as it would be the same as just
> sticking everything in 1 "normal" access vlan.
>
> 2009/4/30 Chris Breece <cbreece1_at_gmail.com>
>
> Would putting the pix in a community vlan with the other hosts do the
>> trick?
>>
>>
>> Chris
>>
>>
>>
>>
>>
>> On Thu, Apr 30, 2009 at 11:40 AM, Ryan West <rwest_at_zyedge.com> wrote:
>>
>> > Gary,
>> >
>> > You'll need one port configured as promiscuous to forward traffic beyond
>> > your isolated / community ports. Can you change your PIX port to an
>> access
>> > port, configure it as promiscuous and then trunk another interface on
>> the
>> > PIX (assuming you want use dot1q interfaces on the PIX)?
>> >
>> > -ryan
>> >
>> > -----Original Message-----
>> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> > Gary Braver
>> > Sent: Thursday, April 30, 2009 11:24 AM
>> > To: ccielab_at_groupstudy.com
>> > Subject: Private VLANS without promiscuous port
>> >
>> > Experts .
>> >
>> >
>> >
>> > Been reading / testing private vlans and am stumped on how to make work
>> > when
>> > there are no promiscuous ports.
>> >
>> >
>> >
>> > Setup is that I have a 3560 switch in transparent mode and it has a
>> trunk
>> > connection to a pix firewall. The firewall is the default gateway for
>> the
>> > primary vlan so there are no promiscuous ports on the switch.
>> >
>> >
>> >
>> > Is this possible?
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Regards
> Roy

Blogs and organic groups at http://www.ccie.net
Received on Thu Apr 30 2009 - 19:50:26 ART

This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:13 ART