Re: Private Vlan Issues (PVLAN)

mtrf · ‎02-23-2003

we are going to purchase cisco 3550 switches for our DMZs setup, we would like to utilise the Private VLAN (PVLAN) features in order to protect our individual server from any attack or any compromise servers. Can any body highlight some more on this how best is this to configure pvlans in cisco 3550 switches and is there any issues with Checkpoint Firewall.

where I will get step by step commands. I searched on cisco site but lost myself for finding the step by step documentation.

I find one documentation which was very good but it is for cisco 6500 series switches. please see the link for that http://www.cisco.com/warp/customer/473/90.shtml

Thanks in advance

efrahim · ‎02-23-2003

The only feature which is available from the 6500 to 3550, is the port protected. In 3550, there is no concepts of community vlans etc. Any ports which are not supposed to talk to each other in the same vlan, just configured as port protected. Hope this helps

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12112cea/3550scg/swtrafc.htm#xtocid6

mtrf · ‎02-23-2003

Hi... erfrahim,

Thanks for the info which you provide me... it is very much informative... I went through with that and find lot of difference in the consept of Pvlan between 6500 and 3550.

In Cisco 6500 configuration there is a promiscous mode facility where one of the firewall card is going to connect and all the secondary vlan traffic can flow in to out or out to in will be with premiscous mode port and also between different secondary vlans it will be with the help of routing. what about the Cisco 3550 switch.

1. How cisco 3550 funcitionality work when one of the firewall card is going to connect on switch port with one network address and need routing between some protected servers (or ports), is there any promiscous mode concept in 3550 switch or is there any secondary vlan concept there.

Regards

MAK