The requirement that R7 and R8 be able to talk to other things in the VLAN
in the future makes me think perhaps those should be promiscuous members of
the parent VLAN. If you need to restrict R2 and R6 from them, you could
just modify their private VLAN mapping to exclude the community VLAN that
R2 and R6 are in.

Thoughts?


On Sat, Jan 12, 2013 at 12:33 PM, Lukasz <[email protected]> wrote:

> 1. that is true but R6 fa0/0 is connected to sw2
>
> 2. You are right I need two community vlans and one primary to make it
> work. I have just tested it and it works.
>
>
> Many thanks for your help.
>
>
> Regards,
> Lukasz
>
>
> On 2013-01-12 16:55, Rob Pool wrote:
>
>> I believe you have two issues with your first solution.
>>
>> 1. If I remember proctor labs topology correctly, r2's 0/1 interface
>> is connected to sw2 and r6's 0/0 is connected to sw1. If that's the
>> case, sw protected won't protect you from anything because it doesn't
>> work across switches.
>>
>> 2. If r2 and r6 were connected to the same switch and switch port
>> protected, they wouldn't be able to talk to one another but everything
>> else in the vlan that's not switch port protected. You said that r6
>> and r2 would talk via layer 3 r1. If r2 and r6 are in the same vlan,
>> what mechanism would you use to make that happen?
>>
>> Based on your requirements, it's my opinion that you need to
>> configure a parent vlan and two community vlans.
>>
>>
>> On Jan 12, 2013, at 10:01 AM, Lukasz <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>>
>>> I am using proctorlabs to run some tests on private vlans and on
>>> switchport protected command.
>>>
>>>
>>> My scenario is as follows:
>>>
>>>
>>> R1 Fa0/1 --- Fa0/1 Cat2  fa0/2 --- Gi0/1 R2
>>>             Fa0/6 --- Fa0/0 R6
>>>             Fa0/7 --- Fa0/0 R7
>>>             Fa0/8 --  Fa0/0 R8
>>>
>>>
>>> Router interfaces are in 10.1.2.x/24 network where x is routers number.
>>>
>>> Tasks:
>>> - Routers (R2,R6,R7,R8) should be in the same VLAN.
>>> - R2 and R6 should talk to each other but they should not be able to
>>> talk to R7 and R8.
>>> - R7 and R8 should be able to talk to each other and also to other
>>> devices in the same vlan (when they will be added in the future).
>>>
>>> First without any settings on Cat2 I have run ping from R1 to other
>>> routers and it was successful.
>>>
>>> My suggested solution. Put switchport protected on fa0/2 and fa0/6 so
>>> they should be able to talk to each other via Layer 3 device (R1).
>>>            Put R7 and R8 in community private-vlan so they can talk to
>>> each other but not to R2 and R6.
>>>
>>> Is that logic correct?
>>>
>>>
>>> Thanks for all comments.
>>>
>>>
>>> Regards,
>>> Lukasz
>>>
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training,
>>> please visit www.ipexpert.com
>>>
>>> Are you a CCNP or CCIE and looking for a job? Check out
>>> www.PlatinumPlacement.com
>>>
>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs
>>>
>>
>
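Added example, not part of the thread: a small model of Layer 2 forwarding on a single switch that evaluates the tasks from the original post against the two designs discussed, switchport protected on Fa0/2 and Fa0/6 versus a primary VLAN with two community VLANs. The VLAN IDs 100/101/102, R1 as a promiscuous port mapped to both community VLANs, and the function names are assumptions made for the illustration.

```python
# Added illustration: Layer 2 reachability on one switch for the two designs
# discussed in the thread. VLAN IDs 100/101/102 and R1 as the promiscuous
# port are assumptions; port names follow the Cat2 diagram.

R1, R2, R6, R7, R8 = "Fa0/1", "Fa0/2", "Fa0/6", "Fa0/7", "Fa0/8"

# port -> (role, secondary VLAN); primary VLAN 100 with two community VLANs
PVLAN_DESIGN = {
    R1: ("promiscuous", None),
    R2: ("community", 101), R6: ("community", 101),
    R7: ("community", 102), R8: ("community", 102),
}

# One ordinary VLAN with "switchport protected" on Fa0/2 and Fa0/6 only
PROTECTED_DESIGN = {
    R1: ("access", None),
    R2: ("protected", None), R6: ("protected", None),
    R7: ("access", None), R8: ("access", None),
}

def can_forward(src, dst, ports):
    """True if the switch forwards a frame from port src to port dst."""
    (s_role, s_vlan), (d_role, d_vlan) = ports[src], ports[dst]
    if s_role == d_role == "protected":
        return False  # protected ports never forward to each other
    if "access" in (s_role, d_role) or "promiscuous" in (s_role, d_role):
        return True   # unrestricted port, or promiscuous mapped to all secondaries
    if s_role == d_role == "community":
        return s_vlan == d_vlan  # same community only
    return False      # e.g. isolated ports reach promiscuous ports only

def talk(a, b, ports):
    """Two-way reachability: frames must be forwarded in both directions."""
    return can_forward(a, b, ports) and can_forward(b, a, ports)

def check_tasks(ports):
    """Evaluate the thread's tasks against a design."""
    return {
        "R2<->R6 allowed": talk(R2, R6, ports),
        "R7<->R8 allowed": talk(R7, R8, ports),
        "R2,R6 isolated from R7,R8": not any(
            talk(a, b, ports) for a in (R2, R6) for b in (R7, R8)),
    }

if __name__ == "__main__":
    for name, design in (("pvlan", PVLAN_DESIGN), ("protected", PROTECTED_DESIGN)):
        print(name, check_tasks(design))
```

The model covers Layer 2 forwarding only; it does not represent traffic routed through R1.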