Private Vlans and Trunk ports

davidfield
Level 3

Hello All and thanks in advance for a bit of advice.

 

I have a hospitality site where we have a number of Cisco 9200L switches connected to in-room Ruckus H320 hospitality access points, which have LAN ports to connect a phone and TV (IPTV). We provide the AP with a trunk port and the relevant VLANs. The IPTV provider has advised we need to provide client isolation for the TVs. I've ruled out protected ports as an option, so I'm looking into private VLANs; however, what I can't understand is how it applies to trunk ports, nor can I find any examples.

 

My scenario is I have floor distribution switches with 20gig EtherChannels to the core, where we have our firewalls. I can't see how to set the floor distribution switch channel group to promiscuous mode to facilitate the private VLAN comms.

 

The 2nd issue I have is I can see how to apply the private VLAN to the trunk to the access point specifically for the connected TV VLAN.

 

Am I on the wrong path here?

 

I'd appreciate any input.

David

 

3 Replies

Reza Sharifi
Hall of Fame

Hi,

The IPTV provider has advised we need to provide client isolation for the TVs

It is a good idea to put IPTV in a completely separate VLAN but that does not mean you necessarily need a private VLAN. It really could be any VLAN as long as you are not mixing IPTV clients with other clients like wireless.

 

HTH

marioiram
Level 1

Hi

 

As Reza mentioned, you don't necessarily need to do private VLANs and from what I understand that type of Ruckus access point has 2 Ethernet ports so think of that access point like a switch.

This is what I'm thinking but keep in mind that I don't know if the access point would allow you to do this, I see there's different types of deployments (managed or stand alone) but I have no experience with Ruckus devices, anyway consider this idea:

 

You'd have to create a separate subnet/VLAN at the core for TVs (I imagine here's where the layer 3 lives), then permit that VLAN down to the distribution (Cisco 9200L), create the VLAN there (layer 2), then permit it on the trunk to the access point. Here's why I said think of the access point like a switch: you'd have to see if you can log into the access point and first configure the VLAN (layer 2) and then configure the port where the TV is connected as an access point; see if there's something like you'd configure on a Cisco switch (switchport mode access, switchport access vlan x) but for Ruckus.

 

HTH

 

Hello
You can negate access between VLANs with routed access lists or isolate specific VLANs with VRFs. For intra-VLAN traffic you have the option to deny access with VLAN access lists (VACLs), all of which don't require PVLANs.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
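
Added example, not posted by anyone in this thread: a sketch of the VACL approach mentioned in the last reply, applied to TV-to-TV isolation inside a single IPTV VLAN. VLAN 300, subnet 10.20.30.0/24, gateway 10.20.30.1 and all ACL and map names are constructed assumptions; VACL support and ACL scale on the specific platform and software release are also assumed and should be confirmed before use.

```cisco
! Constructed values: VLAN 300 = IPTV, 10.20.30.0/24, gateway 10.20.30.1
!
! Traffic between a TV and its default gateway (firewall / L3 core)
ip access-list extended TV-GATEWAY
 permit ip host 10.20.30.1 10.20.30.0 0.0.0.255
 permit ip 10.20.30.0 0.0.0.255 host 10.20.30.1
!
! Any other unicast or subnet-broadcast traffic that stays inside the TV subnet
ip access-list extended TV-TO-TV
 permit ip 10.20.30.0 0.0.0.255 10.20.30.0 0.0.0.255
!
! In a VACL the ACL only selects traffic; the map entry's action decides its fate
vlan access-map TV-ISOLATE 10
 match ip address TV-GATEWAY
 action forward
!
vlan access-map TV-ISOLATE 20
 match ip address TV-TO-TV
 action drop
!
! Everything else: DHCP discovery (0.0.0.0 -> 255.255.255.255), multicast
! IPTV streams (224.0.0.0/4 destinations) and routed traffic to other subnets
vlan access-map TV-ISOLATE 30
 action forward
!
! Apply the map to bridged and routed traffic in the IPTV VLAN only
vlan filter TV-ISOLATE vlan-list 300
!
! Checks after applying
! show vlan access-map TV-ISOLATE
! show vlan filter
```

The filter has to be applied on every switch that bridges VLAN 300, and it only sees frames that cross that switch: two devices bridged locally by the same access point never reach it, so isolation on the AP's own LAN ports is still a setting to look for on the AP side.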