
Private VLANs

markoldhamuk
Level 1

As part of our PCI-DSS project I’m trying to segment and secure our web servers that handle card payments as much as possible.

I’m looking to implement one or more Private VLANs so that all my websites that handle card payments can be placed in the same VLAN/subnet but can’t talk to each other, while still being able to talk to the default gateway.

Am I correct in thinking I would need to patch the servers into a 3560 or 3750 EMI switch to accomplish this? Also, is there anything else I would need to do to accomplish this?

Thank you for taking the time to read my post.

Kind Regards

Mark.


Latchum Naidu
VIP Alumni

Hi Mark,

What you are thinking is correct for your scenario.
Please see the link below for clear information about PVLANs, their benefits, and example configurations.

http://blog.ine.com/2008/01/31/understanding-private-vlans/


Please rate the helpful posts.
Regards,
Nadiu.


Rahul Kukreja
Level 1

Hi Mark,

The most important part in designing would be your VTP Configuration.

The VTP mode should be transparent if you are using PVLAN on the switch.

Regs,

Rahul

I was going to ask about my VTP domain.

We are running VTP and I wasn't sure if I needed to configure anything on our core switches, which are 4507R-E. We don't put end hosts into these switches, which is why I wanted to use something like a 3750 or 3560.

So am I correct in thinking that I just need to add either a 3560 or 3750 into our infrastructure as usual, but use transparent VTP on the switch rather than client, and then only add the PVLANs on the new 3560/3750?

I guess I might need to add the primary VLAN to the VTP server and do the isolated and community VLANs on the transparent switch.

Cheers

Mark
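
An added example, not part of any post in this thread: a minimal Cisco IOS configuration for the setup discussed above, with the card-payment web servers on isolated ports and the default gateway reached through a promiscuous port, on a switch in VTP transparent mode as Rahul advises. VLAN IDs 200 and 201 and the interface names are constructed placeholders.

```cisco
! Constructed example: VLAN IDs and interface names are placeholders.
! Private VLANs are configured with the switch in VTP transparent mode.
vtp mode transparent
!
! Secondary VLAN: isolated ports cannot talk to each other at Layer 2.
vlan 201
 private-vlan isolated
!
! Primary VLAN, associated with the isolated secondary VLAN.
vlan 200
 private-vlan primary
 private-vlan association 201
!
! Port facing the default gateway: promiscuous, reachable from every
! isolated host in the primary VLAN.
interface GigabitEthernet0/1
 description uplink-to-default-gateway
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201
!
! Web server ports: isolated hosts in the same subnet.
interface range GigabitEthernet0/2 - 3
 description card-payment-web-servers
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
!
! Verification commands (run from privileged EXEC):
!   show vtp status
!   show vlan private-vlan
!   show interfaces GigabitEthernet0/2 switchport
```

Isolation here is enforced at Layer 2 only: a packet sent to the gateway and routed back into the same subnet still reaches the other server, so for segmentation purposes pair this with an ACL on the gateway interface that denies traffic whose source and destination are both in the server subnet.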
