Re: EVC Service Instance from Carlos G Mendioroz on 2010-05-11 (Ccielab archives 05/2010)

From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
Date: Tue, 11 May 2010 09:34:59 -0300

Vlan maps ? Just throwing the idea. With them, you can separate the 2
vlan sets, so to speak. Then the only thing to fix is the common PC
having visibility in both. I guess that can be done with a cable
shorting two ports and a mac filter. You "waste" 2 ES ports though :(

It's amazing the things you can do with a cable :)

-Carlos

Dimitar Mojsovski @ 11/5/2010 8:38 -0300 dixit:
> Hi Guys,
>
> I found myself an interesting scenario that I would like to test and I
> thought maybe someone here has some thoughts on it :
>
> I have two L2 nodes (switches) connecting to separate trunk ports on an
> ES+ linecard on 7600. Behind the swicthes I have end users (test PCs).
> Users on both switches are in the same VLAN, which is passed on the
> trunk to the 7600, and finaly there is an SVI on the 7600. Within the
> same VLAN, there is also one "shared" node (PC) which should be L2
> accessible by all users.
> What I'm trying to accomplish is to block L2 traffic between users on
> Switch1 and Switch2 (obviosly without putting them in separate vlans)
> while they can still reach the shared PC.
> The goals in this setup are to keep the end users within the same Vlan,
> and do not change any config on Switch1 and Switch2 (just as it is not
> under my management).
>
> As to my research, I came up with few possible solutions :
> - VLAN Access Lists - Concerned about performance impact in case of big
> number of mac addresses
> - Private VLANs - I think it's impossible in this scenario because I
> can't put trunk ports as isolated
> - Service Instances - most promising
>
> I plan to re-work the trunk ports with EVCs and manipulate the
> "split-horizon" option on the bridge-domain command :
>
> int gig0/1
> description SW-1
> service instance 400 ethernet
> encapsulation dot1q 400
> rewrite ingress tag pop 1 symmetric
> bridge-domain 400 split-horizon
> !
> !
> int gig0/2
> description SW-2
> service instance 400 ethernet
> encapsulation dot1q 400
> rewrite ingress tag pop 1 symmetric
> bridge-domain 400 split-horizon
> !
> !
>
> Does anyone have a comment on this, weather I'm going in the right
> direction, or maybe share another idea ?
>
> Thanks
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>

-- 
Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Blogs and organic groups at http://www.ccie.net

Received on Tue May 11 2010 - 09:34:59 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:52 ART