01-24-2007 09:42 AM - edited 03-05-2019 01:57 PM
Hi all,
Can anybody discuss PVLANs? What's the difference between ordinary VLANs and PVLANs? Comparisons, and how we can configure them. If anybody can clearly explain this, that will be a great thing.
What's the relation between dynamic VLANs and PVLANs?
Regards
Binoy
01-24-2007 09:57 AM
Hi Binoy
Private VLANs are a security feature. It is about restricting traffic between servers/hosts within the same VLAN, so it is a layer 2 feature. In essence you have 3 types of ports:
1) promiscuous - can talk to all ports in the private VLAN - typically this is the SVI for the VLAN, which takes care of the routing.
2) community ports - a group of ports that can talk to each other and the promiscuous port.
3) isolated ports - can only talk to the promiscuous port.
This allows you to be very granular in the traffic flows within the vlan.
Dynamic VLANs are the ability to assign a switchport into a VLAN based on the MAC address of the client. You need a VLAN Membership Policy Server for these, and there is a large administrative overhead to maintain the list of MAC address to VLAN mappings. It is a very loose form of security, as MAC addresses can be spoofed quite easily.
HTH
01-26-2007 08:48 PM
Hi Jon,
Thanks for your reply.
Suppose in a network I've 6 departments like accounts, IT, Admin... In such a scenario, how are PVLANs going to help me?
Do I need to create separate VLANs for each department, or is there some other way?
Based on the Active Directory user name, can I allocate the users into separate VLANs?
If I've an ACS engine 4.1, how is it going to help me?
I will rate all the posts, please give some inputs.
Regards
Binoy.
01-26-2007 08:59 PM
Binoy,
Your scenario doesn't require PVLANs to be configured.
Configure 6 VLANs for each department and assign users from that department to that particular VLAN.
I am not sure what you want to do with your ACS server. It is basically used for authenticating users logging on to a network device like switches, routers, etc.
HTH, rate if it does
Narayan
01-26-2007 11:37 PM
Hi Narayan, thanks for your reply.
My scenario is like this: I've 4 buildings within a campus. Building 1 is where I'm going to place my core 6500, and in the other 3 buildings I've 200 users each, 600 users in total in these 3 buildings. My aim is to create VLANs, like building 2 will be another VLAN, so in case the guy from building 2 comes to building 3 he should also get access; by mapping the username he should go to the VLAN group. I'm not clear how I start and from where I should start.
In this scenario, in each of these buildings I've 10 3560 switches with fibers connecting directly to the 6500.
I've Active Directory on a 2003 server, so I'm planning to map the user names from this server to ACS engine 4.1 for max security.
So how can I start? I've not done any implementation like this, so if you can give some inputs that will be a great thing.
I will rate all the posts.
Binoy