pvlan and configuration

Hi all,

Can anybody discuss PVLANs? What's the difference between ordinary VLANs and PVLANs? Comparisons and how we can configure them; if anybody can clearly explain this, that will be a great thing.

What's the relation between dynamic VLANs and PVLANs?

Regards

Binoy


Jon Marshall
Hall of Fame

Hi Binoy

Private VLANs are a security feature. It is about restricting traffic between servers/hosts within the same VLAN. So it is a layer 2 feature. In essence you have 3 types of ports:

1) promiscuous - can talk to all ports in the private vlan - typically this is the SVI for the vlan which takes care of the routing.

2) community ports - a group of ports that can talk to each other and the promiscuous port.

3) isolated ports - can only talk to promiscuous port.

This allows you to be very granular in the traffic flows within the vlan.

Dynamic vlans are the ability to assign a switchport into a vlan based on the mac-address of the client. You need a Vlan Membership Policy server for these and there is a large administrative overhead to maintain the list of mac address to vlan mappings. It is a very loose form of security as mac addresses can be spoofed quite easily.

HTH
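
For the "how we can configure" part of the question, a minimal Catalyst IOS private VLAN configuration covering the three port types described in the reply above. This is an added example, not part of the original thread; the VLAN IDs, interface names and IP address are constructed, and exact syntax and platform support vary by switch model and software release.

```cisco
! Constructed example: VLAN 100 = primary, 101 = isolated, 102 = community.
! Assumption: the switch runs VTP version 1 or 2, which requires
! transparent mode before private VLANs can be created.
vtp mode transparent
!
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Isolated host port: can only talk to the promiscuous port.
interface GigabitEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Community host ports: can talk to each other and the promiscuous port.
interface range GigabitEthernet0/2 - 3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! Physical promiscuous port (for example an uplink to a router or firewall).
interface GigabitEthernet0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! SVI acting as the promiscuous layer 3 interface for the primary VLAN.
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
 private-vlan mapping 101,102
```

`show vlan private-vlan` and `show interfaces GigabitEthernet0/1 switchport` confirm the primary/secondary association and each port's mode. The isolation applies at layer 2 only, so traffic that must also stay blocked when routed through the SVI needs an ACL on that interface.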

Hi Jon,

Thanks for your reply.

Suppose in a network I have 6 departments like Accounts, IT, Admin... so in such a scenario, how are PVLANs going to help me?

Do I need to create separate VLANs for each dept, or some other way?

Based on the user name in Active Directory, can I allocate the users into separate VLANs?

If I have an ACS engine 4.1, how is it going to help me?

I will rate all the posts, please give some inputs.

Regards

Binoy.

Binoy,

Your scenario doesn't require PVLANs to be configured.

Configure 6 VLANs, one for each department, and assign users from that department to that particular VLAN.

I am not sure what you want to do with your ACS server. It is basically used for authenticating users logging on to a network device like switches, routers, etc.

HTH, rate if it does

Narayan

Hi Narayan, thanks for your reply.

My scenario is like this: I have 4 buildings within a campus. Building 1 is where I'm going to place my core 6500, and in the other 3 buildings I have 200 users each, a total of 600 users in these 3 buildings. My aim is to create VLANs, like building 2 will be another VLAN, so in case the guy from building 2 comes to building 3, then he should also get access; by mapping the username he should go to the VLAN group. I'm not clear on how to start and where I should start from.

In this scenario, in each of these buildings I have 10 3560 switches with fibers connecting directly to the 6500.

I have Active Directory on a 2003 server, so I'm planning to map the user names from this server to ACS engine 4.1 for max security.

So how can I start? I've not done any implementation like this, so if you can give some inputs that will be a great thing.

I will rate all the posts.

Binoy
