Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
935
Views
10
Helpful
8
Replies

How to isolate Layer two traffic between access layer and core layer in a multi tenant environment?

Go to solution
jmp780718
Level 1
Level 1

‎03-06-2014 09:23 PM - edited ‎03-07-2019 06:34 PM

Hi Guys.

I'm working on a datacenter environment, i implement switching access layer with cisco catalyst 3750X stacking and collapsed Core Layer with Catalys 6500, also is a multi tenant environment, I'm trying to find the best way to isloated the layer two traffic between the server across the date center; i think that one way is thru Private Vlan but this is the best way?; How i can isloated the layer two traffic even at the core layer; I need to implement private vlan on access layer and core layer too?, Is posible to trunking the secondary vlan?; how to send that private Vlan to core layer to islolated even if the traffic is going to core layer.

Thnk yuo so much.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
8 Replies 8

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-07-2014 03:02 AM

It's difficult to say what to do without more details.

Are the servers for each customer in different vlans already or are they all mixed up ?

If they are in their own vlans and you want to keep it entirely separate i would suggest looking at VRF-LIte.

Perhaps you could clarify exactly what the setup is ?

Jon

Go to solution
jmp780718
Level 1
Level 1
In response to Jon Marshall

‎03-07-2014 06:34 AM

Hi Jon.


All the server are in the same vlan using the same ip address space.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
jmp780718
Level 1
Level 1
In response to Jon Marshall

‎03-07-2014 06:37 AM

The default gateway of the server Is a firewall.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to jmp780718

‎03-07-2014 09:18 AM

If the servers are all in the same vlan using the same address space then private vlans would be the thing to use. You could use VACLs but these would get complicated very easily.

Yes you can send secondary vlans across trunk ports from the access to the core/distro layer.

Jon

Go to solution
jmp780718
Level 1
Level 1
In response to Jon Marshall

‎03-07-2014 09:47 AM

Thank you so much jon, do you know if cisco has a configuration guide in order to implement pvlan on access and core layer?.

0 Helpful

Go to solution
Evan Ray
Level 1
Level 1
In response to jmp780718

‎03-07-2014 10:05 AM

This might be of good help to you.

http://blog.ine.com/tag/private-vlan/

0 Helpful

Go to solution
jmp780718
Level 1
Level 1
In response to Evan Ray

‎03-07-2014 11:13 AM

Thank so much, this will be helpful for my.

0 Helpful

Go to solution
jmp780718
Level 1
Level 1
In response to Evan Ray

‎03-08-2014 10:15 PM

Hi Jon. Sorry, Is possible to config a trunk port as Promiscuous port?. Because in my case my router Is a firewall with trunk ports carry several vlans. Thnks you so much.
0 Helpful
Customers Also Viewed These Support Documents