Re: vlans

carl_townshend · ‎07-26-2006

Is it possible to have pc's split via a vlan, yet still on the same subnet, that can see each other ? I have a debate this morning, as there is no point doing that

ariela · ‎07-26-2006

Sorry, I don't understand.

Vlan is a broadcast domain.

Andrea

zerozerotito · ‎07-26-2006

Sorry i dont understand.

Could you tell us what u wanna do exactly?

amit-singh · ‎07-26-2006

Hi carl,

I think you are talking about the Pvlan thing here. This is possible and you can do it using the Pvlan feature on the switches like 3750,4k and 6K's to have the vlan security at layer 2.

The link below might be handy for you.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12225sed/scg/swpvlan.htm

HTH

-amit singh

carl_townshend · ‎07-26-2006

so do many people use private vlans ? and do they have the same subnet but are in another vlan ? how does this work, i thought the idea with vlans was to route between them ?

sundar.palaniappan · ‎07-26-2006

PVLANs are very helpful in certain situations. There would be situations where you wouldn't want a host(s) to talk to another host(s) but would want it to communicate with some other host(s) in the same VLAN and this is where PVLANs can help.

An example would better explain the need for PVLAN.

Customer's DMZ is on vlan 10 and there are 3 servers in that vlan. Under normal circumstances if one of the servers is compromised then there's a good chance the other 2 servers could be compromised as well. Instead, if all 3 servers are on their own PVLAN then they couldn't talk to each other though they are on the same VLAN.

Hope that helps!!

Sundar

carl_townshend · ‎07-27-2006

how would I get things in different pvlans to talk to each other ?