PVLAN setup with Cat 2948G & Cat 6000/6500 help
We have a campus LAN with a Cat 6006 with MSFC providing layer 3
routing for approximately 12 VLANs, and about 40 edge switches, mostly
2900XL and 3500XLs for client access. Most of the ports on the edge
switches are set to use PVLAN Edge layer 2 security (ie: "port
protected" or "switchport protected" ), which prevents any layer 2
traffic between ports in the same VLAN on each edge switch. At the
Cat6000 switch (not msfc), specific VLAN ACLs further prevent certain
VLANs from communicating with other clients in the same group of
VLANs. This is designed to allow for campus student access to specific
services while preventing peer to peer file sharing, etc, between any
users on this group of VLANs, and it works as designed, provided PVLAN
edge (protected ports) are enabled on all client switch ports.
We are now trying to add some 2948G switches to this mix, and they do
not support PVLAN edge, according to the Cisco PVLAN compatibility
matrix, but do support full PVLAN modes. What is not clear to me is if
and how we can combine both PVLAN edge switches currently in use, and
the Cat 2948G full PVLAN functionality on the same network, where the
2948G will be used as edge switches for the same group of VLANs. (all
are dynamic VLANs assigned using VMPS on the Cat6000)
We will be bench testing this next week, but if anyone has experience
in a mixed environment like, or even just experience setting up the
2948G or C4000/4500 as an edge switch with PVLANs, I'd appreciate any
help you can offer. I'm aware of the caveat of requiring VTP mode to
be transparent, but not sure of other issues.
|All times are GMT. The time now is 07:53 PM.|
Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.