Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
401
Views
0
Helpful
2
Replies

Private VLANs across IDC

ishah
Level 1
Level 1

‎10-04-2001 06:55 AM - edited ‎03-01-2019 06:49 PM

Hi,

Has anyone implemented Private VLANs across multiple switches ?

I am assuming my distribution layers switches will be VTP mode Server and my Server Access Layer switches will be VTP Mode transparent to cater for spanning the Private VLANs across the server access layer.

The reason for doing this is to maintain security whilst maintaing a flat address space. In testing it seems to work but the CCO documentation is vague without any reference on implementation.

I am aware of the ASIC and Routing caveats.

Any help or experience would be greatly appreciated.

Labels:
0 Helpful
2 Replies 2

ciscomoderator
Community Manager
Community Manager

‎10-10-2001 02:13 PM

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you, or there is no public information available at this time. If you don't get a suitable response to your post, you may wish to review our resources at the online http://www.cisco.com/go/solutions. You may also contact our product information line at 1-800-553-NETS or a Cisco Systems Engineer at your local Cisco office or reseller. To locate your local Cisco representative, visit http://www.cisco.com/warp/public/687/Directory.shtml

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

0 Helpful

ishah
Level 1
Level 1
In response to ciscomoderator

‎10-22-2001 01:46 AM

Hi,

I have done more work with Private VLANs and found the following out.

My work and deployments have been with 6.1.4 K9.

PVLANs work great for a single or few switches. This is due to the following.

If you have a VTP Server/Client architecture - you cannot use Private VLANs.

Private VLANs do work across Switches but it is better to have the switches configured as Servers, Create your VLANs and change the switches to transparent later.

There seems to be a scalability issue that makes using PVLANS in IDC's somewhat problematic in that if you were to create a new VLAN, you would have to go to each switch and create the VLAN as your server access layer switches would now be VTP Transparent.

You can mix and match multiple isolated, community PVLANs on the same ASICs but you can't seem to mix promiscuous and the other types on the same ASIC.

Having said that, the solution seems to work well and does offer complete layer two seperation.

I wonder if Cisco intend progress PVLAN technology to include VTP Server and Client Switches ?

Thought the above might be useful for others

Inti

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card