Private Vlan, uplink and regular vlan communications
Ok so there are hundreds of Private Vlan videos and documents and they all start and end the same way.
They all leave out the non-private vlan and uplink port communications.
primary vlan 50
Isolated vlan 51
promiscuous port to upstream switch 4900m_A
vlan 100 all other servers
I need to isolate my network infrastructure servers with private vlans. These servers do not need to communicate with each other, ever, BUT may need to communicate with other non-infrastructure servers attached to this same switch. Access between private vlans and regular vlans will be controlled by ACLs on the 7600 router. The other servers on this 4900m_B switch are configured in non-private vlans (i.e. regular vlans). The infrastructure servers that need to be implemented in the private vlan configuration are Netflow, NMS, ACS and Ciscoworks.
Private vlans 50 and 51 are configured on the 4900m_B switch, as well as regular vlan 100, which is not part of any private vlan configuration.
The link between 4900m_B and 4900m_A is not a trunk link, nor is the link between 4900m_A and the 7600 router.
Switch 4900m_A is not configured with private vlans.
Both 4900m switches have the 7600 router as the default gateway (I know this is a strange setup, but it's what I received).
Do you think this is going to work?
Can servers in vlan 100 on 4900m_B switch also send frames out the promiscuous port (just like the private vlan devices) so the 7600 router can route them back to vlan 50 to reach the Private Vlan infrastructure servers?
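
The layer-2 reachability implied by the setup described above, modelled under the standard private VLAN forwarding rules (an added example, not part of the original post). The port labels and the two VLAN 100 hosts are hypothetical; only the VLAN numbers and the port roles come from the post.

```python
from dataclasses import dataclass

PRIMARY, ISOLATED, REGULAR = 50, 51, 100   # VLAN IDs taken from the post

@dataclass(frozen=True)
class Port:
    name: str   # hypothetical label, not a real interface name
    kind: str   # "isolated", "promiscuous" or "access"
    vlan: int   # secondary VLAN for hosts, primary VLAN for the promiscuous port

def domain(port):
    """Broadcast domain of a port: PVLAN ports all belong to the primary VLAN."""
    return PRIMARY if port.kind in ("isolated", "promiscuous") else port.vlan

def l2_forward(src, dst):
    """True if 4900m_B delivers a frame from src to dst without routing."""
    if src == dst or domain(src) != domain(dst):
        return False    # different VLANs never bridge; a router is required
    if src.kind == "isolated" and dst.kind == "isolated":
        return False    # isolated hosts cannot reach each other
    return True         # isolated <-> promiscuous, or two ports in a regular VLAN

# Constructed port list for 4900m_B, following the roles described in the post.
PORTS = {
    "netflow": Port("netflow", "isolated", ISOLATED),
    "nms": Port("nms", "isolated", ISOLATED),
    "acs": Port("acs", "isolated", ISOLATED),
    "ciscoworks": Port("ciscoworks", "isolated", ISOLATED),
    "uplink": Port("uplink-to-4900m_A", "promiscuous", PRIMARY),
    "app1": Port("app1", "access", REGULAR),   # hypothetical VLAN 100 server
    "app2": Port("app2", "access", REGULAR),   # hypothetical VLAN 100 server
}

def reachability():
    """Map every ordered (src, dst) pair of distinct ports to True/False."""
    return {(a, b): l2_forward(PORTS[a], PORTS[b])
            for a in PORTS for b in PORTS if a != b}

if __name__ == "__main__":
    for (a, b), ok in sorted(reachability().items()):
        print(f"{a:>10} -> {b:<10} {'forward' if ok else 'blocked'}")
```

In this model the non-trunk promiscuous port is a member of primary VLAN 50 only, so frames from VLAN 100 hosts are never forwarded out of it; VLAN 100 would need its own path to the 7600 for the ACLs there to see that traffic.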