I feel your pain. Lol

Sent from my iPhone

On Jan 12, 2013, at 3:21 PM, Bob McCouch <[email protected]> wrote:

> Sigh... The wording is never clear to me...
>
> Thanks for the input.
>
> On Sat, Jan 12, 2013 at 3:13 PM, Rob Pool <[email protected]> wrote:
>> The requirement that they talk to other hosts within their own vlan is met
>> by adding them to a community vlan. If there was a requirement that they be
>> allowed to communicate with hosts outside their immediate vlan then you'd
>> make them promiscuous.
>>
>> Sent from my iPhone
>>
>> On Jan 12, 2013, at 2:57 PM, Bob McCouch <[email protected]> wrote:
>>
>>> The requirement that R7 and R8 be able to talk to other things in the VLAN
>>> in the future makes me think perhaps those should be promiscuous members of
>>> the parent VLAN. If you need to restrict R2 and R6 from them, you could
>>> just modify their private VLAN mapping to exclude the community VLAN that
>>> R2 and R6 are in.
>>>
>>> Thoughts?
>>>
>>> On Sat, Jan 12, 2013 at 12:33 PM, Lukasz <[email protected]> wrote:
>>>> 1. that is true but R6 fa0/0 is connected to sw2
>>>>
>>>> 2. You are right I need two community vlans and one primary to make it
>>>> work. I have just tested it and it works.
>>>>
>>>> Many thanks for your help.
>>>>
>>>> Regards,
>>>> Lukasz
>>>>
>>>> On 2013-01-12 16:55, Rob Pool wrote:
>>>>> I believe you have two issues with your first solution.
>>>>>
>>>>> 1. If I remember proctor labs topology correctly, r2's 0/1 interface
>>>>> is connected to sw2 and r6's 0/0 is connected to sw1. If that's the
>>>>> case, sw protected won't protect you from anything because it doesn't
>>>>> work across switches.
>>>>>
>>>>> 2. If r2 and r6 were connected to the same switch and switch port
>>>>> protected, they wouldn't be able to talk to one another but everything
>>>>> else in the vlan that's not switch port protected. You said that r6
>>>>> and r2 would talk via layer 3 r1. If r2 and r6 are in the same vlan,
>>>>> what mechanism would you use to make that happen?
>>>>>
>>>>> Based on your requirements, it's my opinion that you need to
>>>>> configure a parent vlan and two community vlans.
>>>>>
>>>>> Sent from my iPhone
>>>>>
>>>>> On Jan 12, 2013, at 10:01 AM, Lukasz <[email protected]> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I am using proctorlabs to run some tests on private vlans and on
>>>>>> switchport protected command.
>>>>>>
>>>>>> My scenario is as follows:
>>>>>>
>>>>>> R1 Fa0/1 --- Fa0/1 Cat2 fa0/2 --- Gi0/1 R2
>>>>>>                         Fa0/6 --- Fa0/0 R6
>>>>>>                         Fa0/7 --- Fa0/0 R7
>>>>>>                         Fa0/8 -- Fa0/0 R8
>>>>>>
>>>>>> Router interfaces are in 10.1.2.x/24 network where x is routers number.
>>>>>>
>>>>>> Tasks:
>>>>>> - Routers (R2,R6,R7,R8) should be in the same VLAN.
>>>>>> - R2 and R6 should talk to each other but they should not be able to
>>>>>> talk to R7 and R8.
>>>>>> - R7 and R8 should be able to talk to each other and also to other
>>>>>> devices in the same vlan (when they will be added in the future).
>>>>>>
>>>>>> First without any settings on Cat2 I have run ping from R1 to other
>>>>>> routers and it was successful.
>>>>>>
>>>>>> My suggested solution. Put switchport protected on fa0/2 and fa0/6 so
>>>>>> they should be able to talk to each other via Layer 3 device (R1).
>>>>>> Put R7 and R8 in community private-vlan so they can talk to
>>>>>> each other but not to R2 and R6.
>>>>>>
>>>>>> Is that logic correct?
>>>>>>
>>>>>> Thanks for all comments.
>>>>>>
>>>>>> Regards,
>>>>>> Lukasz
>>>>>>
>>>>>> _______________________________________________
>>>>>> For more information regarding industry leading CCIE Lab training,
>>>>>> please visit www.ipexpert.com
>>>>>>
>>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>>> www.PlatinumPlacement.com
>>>>>>
>>>>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs
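
Added example, not part of the thread: the layout the thread settles on (one primary VLAN with two community VLANs on Cat2), written as a Catalyst IOS configuration. The port numbers come from Lukasz's diagram; the VLAN IDs 100/101/102 and the use of R1's port as the promiscuous port are assumptions made for illustration.

```cisco
! Added example. VLAN IDs 100/101/102 are assumed; ports follow the diagram in the thread.
! Private VLANs need VTP transparent mode when running VTP version 1 or 2.
vtp mode transparent
!
! Secondary VLANs: one community per group that must stay isolated from the other
vlan 101
 private-vlan community
!
vlan 102
 private-vlan community
!
! Primary (parent) VLAN, associated with both communities
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! R2 and R6: community 101, can reach each other but not community 102
interface range FastEthernet0/2 , FastEthernet0/6
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! R7 and R8: community 102; hosts added to this community later can reach them
interface range FastEthernet0/7 - 8
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! R1 (assumption): promiscuous port. The mapping lists the secondary VLANs
! this port may talk to; removing 101 from it would cut R1 off from R2 and R6.
interface FastEthernet0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
```

`show vlan private-vlan` and `show interfaces FastEthernet0/2 switchport` confirm the associations; pings inside each community should succeed while pings between the two communities fail.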
