Ok, I was thinking all 0/0 router interfaces connected to sw1 and all 0/1 interfaces connected to sw2.
Glad it worked for you. Have fun! Sent from my iPhone On Jan 12, 2013, at 12:33 PM, Lukasz <[email protected]> wrote: > 1. that is true but R6 fa0/0 is connected to sw2 > > 2. You are right I need two community vlans and one primary to make it work. > I have just tested it and it works. > > > Many thanks for your help. > > > Regards, > Lukasz > > On 2013-01-12 16:55, Rob Pool wrote: >> I believe you have two issues with your first solution. >> >> 1. If I remember proctor labs topology correctly, r2's 0/1 interface >> is connected to sw2 and r6's 0/0 is connected to sw1. If that's the >> case, sw protected won't protect you from anything because it doesn't >> work across switches. >> >> 2. If r2 and r6 were connected to the same switch and switch port >> protected, they wouldn't be able to talk to one another but everything >> else in the vlan that's not switch port protected. You said that r6 >> and r2 would talk via layer 3 r1. If r2 and r6 are in the same vlan, >> what mechanism would you use to make that happen? >> >> Based on your requirements, it's my opinion that you need to >> configure a parent vlan and two community vlans. >> >> Sent from my iPhone >> >> On Jan 12, 2013, at 10:01 AM, Lukasz <[email protected]> wrote: >> >>> Hi All, >>> >>> >>> I am using proctorlabs to run some tests on private vlans and on switchport >>> protected command. >>> >>> >>> My scenario is as follows: >>> >>> >>> R1 Fa0/1 --- Fa0/1 Cat2 fa0/2 --- Gi0/1 R2 >>> Fa0/6 --- Fa0/0 R6 >>> Fa0/7 --- Fa0/0 R7 >>> Fa0/8 -- Fa0/0 R8 >>> >>> >>> Router interfaces are in 10.1.2.x/24 network where x is routers number. >>> >>> Tasks: >>> - Routers (R2,R6,R7,R8) should be in the same VLAN. >>> - R2 and R6 should talk to each other but they should not be able to talk >>> to R7 and R8. >>> - R7 and R8 should be able to talk to each other and also to other devices >>> in the same vlan (when they will be added in the future). >>> >>> First without any settings on Cat2 I have run ping from R1 to other routers >>> and it was successfull. >>> >>> My suggested solution. Put switchport protected on fa0/2 and fa0/6 so they >>> should be able to talk to each other via Layer 3 device (R1). >>> Put R7 and R8 in community private-vlan so they can talk to each >>> other but not to R2 and R6. >>> >>> Is that logic correct? >>> >>> >>> Thanks for all comments. >>> >>> >>> Regards, >>> Lukasz >>> >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >>> www.PlatinumPlacement.com >>> >>> http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
