Velocity Reviews - Computer Hardware Reviews

Private VLAN's or what ?

 
 
raptor
      03-04-2005
I've read some docs about private VLANs (haven't grasped the concept yet),
but here is what I want to do. Is it possible with private VLANs or
by any other means?


cisco3750
| | | | |

On the ports are connected, say, 5 class-C networks,
10.10.10.x/24 to 10.10.15.0/24, in no particular order (mixed),
i.e. an address from every class-C net can be assigned
on any port. (I mean there is no differentiation
such that 10.10.10.0/24 addresses are on port 1,
10.10.11.0/24 on port 2 etc.; they are mixed.)

As you expect, when the network grows so does the ARP and other
broadcast traffic.
What I want to do is to suppress this traffic so that it goes only
to its "targeted audience"; in my case a broadcast in 10.10.10.0/24 goes
only to the hosts of this class-C network, but not to the others.

Is this possible with private VLANs, and if yes, does it have a big
impact on the switch performance?
An example, if you can, would be good too.
 
Martin Bilgrav
      03-04-2005

raptor wrote:
> I've read some docs about private VLANs (haven't grasped the concept yet),


The concept is pretty simple: ports marked as protected can only see unprotected
ports in the same VLAN.
Given this, clients can no longer see each other, but only, say, uplinks
towards the server farms and/or gateway. This way you get additional
protection against e.g. worms and vulnerabilities spreading from client to client,
and a lot more control over end users' usage of applications etc.

> but here is what I want to do. Is it possible with private VLANs or
> by any other means?
>
>
> cisco3750
> | | | | |
>
> On the ports are connected, say, 5 class-C networks,
> 10.10.10.x/24 to 10.10.15.0/24, in no particular order (mixed),
> i.e. an address from every class-C net can be assigned
> on any port. (I mean there is no differentiation
> such that 10.10.10.0/24 addresses are on port 1,
> 10.10.11.0/24 on port 2 etc.; they are mixed.)
>
> As you expect, when the network grows so does the ARP and other
> broadcast traffic.
> What I want to do is to suppress this traffic so that it goes only
> to its "targeted audience"; in my case a broadcast in 10.10.10.0/24 goes
> only to the hosts of this class-C network, but not to the others.


What you need is plain old good-time VLANs, segmenting the broadcast
domains.
You do not say if the different IP nets need to talk to one another.
If so, you need some SVIs or router ports.


HTH
Martin Bilgrav


 
raptor
      03-04-2005
> You do not say if the different IP nets need to talk to one another?
]- Yes, they have to be able to talk to each other via layer 3, but not
via layer 2,
if possible of course, and if this does not impact the switch
performance,
i.e. do this at line rate.

How can I segment the broadcast domain in my situation? Can you give me
some link? TIA

 
Toby
      03-04-2005


Not sure what exactly you are getting at here.

If you have 5 class-C networks running through a switch without VLANs,
using the same broadcast domain, and are using Cisco equipment, then you must
at present have 5 gateway routers/interfaces to route between them all at
layer 3 (not sure without reviewing my old course notes if secondary network
addresses support split-horizon routing on Cisco routers!!!!; we don't use them).

VLANs are the only real option here, as they will, as you require, reduce
broadcast traffic, as long as your router/IOS supports VLANs and so is able
to route back onto the LAN.

As for performance, yes, VLAN operation will increase CPU load slightly, but
as less broadcast traffic would be traversing unneeded LAN segments,
this would reduce the load on the switch greatly, totally negating any extra
function you have placed on the switch.

Toby


 
CiscoTech
      03-08-2005
This is one of the main reasons for VLAN configuration: to prevent
all ports from seeing the layer 2 traffic (broadcasts, etc.).

For simplicity's sake, let's use the following:

VLAN 10 - 10.10.10.0/24
VLAN 11 - 10.10.11.0/24
VLAN 12 - 10.10.12.0/24
VLAN 13 - 10.10.13.0/24
VLAN 14 - 10.10.14.0/24
VLAN 15 - 10.10.15.0/24


Now with separated VLANs, a router would have to be used to route
traffic between the VLANs.

In your Cisco switch, let's say that port 1 is VLAN 10, port 2 is VLAN
11, port 3 is VLAN 12, etc.:

! Each port is a plain access port in exactly one VLAN.
! (On a 3750 stack the ports are named member/module/port, e.g. FastEthernet1/0/1.)
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 11
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 12
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 13
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 14
!
interface FastEthernet0/6
 switchport mode access
 switchport access vlan 15


This will allow layer 2 traffic, broadcasts such as ARP, etc., to
remain in the subnet it originated from, since broadcast traffic will not
be routed by the router between subnets.

Even when adding more switches, connect the switches by trunking (802.1Q
or ISL) the uplink ports; this allows all packets to be "tagged"
with the VLAN membership of the packet. This way, whenever the packet is
received by another switch, the destination switch will know the VLAN
membership of the packet, and the packet will be sent to the port(s) that
are configured with that VLAN.

Performance will not be impacted as long as the switch or switchports
are not overloaded, i.e. switchport utilization at 100%, the switch
backplane trying to switch more packets than it is rated for, etc.

We are using this type of setup to separate traffic for 4000+ nodes on
37 VLANs through 150+ switches, using a Cisco 6509 core switch with the
MSFC2 layer 3 (router) card in the supervisor blade to route traffic
between the different VLANs.


I hope this helps.

Curtis



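The replies above describe the design (one VLAN per /24, access ports, SVIs or a router for inter-VLAN traffic, 802.1Q trunks between switches) but skip the awkward part of raptor's situation: the hosts are mixed across ports, so the VLAN of a port has to be derived from the address of what is plugged into it, and a port carrying hosts from two different /24s cannot be a single access port at all. The script below is an added example written for this thread, not code from any of the posters. It takes a constructed port-to-host inventory, maps each /24 to a VLAN (VLAN ID = third octet, .1 as the SVI gateway, both assumptions), emits a Catalyst 3750-style IOS configuration with `ip routing` so the switch routes between the SVIs itself (the 3750 forwards that in hardware, which answers the line-rate question), and flags any port that would need a trunk or re-addressing instead of silently leaving it in VLAN 1. The interface names (FastEthernet1/0/x, GigabitEthernet1/0/1 uplink) and the sample hosts are assumed for illustration.

```python
"""Derive a per-/24 VLAN plan from a mixed port/host inventory and render
the matching IOS config. Added example for this thread; all names and
hosts below are constructed, not taken from the original posts."""
import ipaddress

# Constructed inventory: which host(s) sit behind which access port.
# 3750 stack naming (member/module/port) is assumed.
PORT_HOSTS = {
    "FastEthernet1/0/1": ["10.10.10.5"],
    "FastEthernet1/0/2": ["10.10.13.20"],
    "FastEthernet1/0/3": ["10.10.10.9"],
    "FastEthernet1/0/4": ["10.10.15.7"],
    # an unmanaged hub with hosts from two subnets behind one port
    "FastEthernet1/0/5": ["10.10.11.2", "10.10.12.3"],
}


def vlan_for(ip):
    """Return (vlan_id, /24 network) for a host address.
    Assumption: VLAN ID is the third octet, so 10.10.13.x -> VLAN 13."""
    net = ipaddress.ip_network(f"{ip}/24", strict=False)
    return int(str(net.network_address).split(".")[2]), net


def plan(port_hosts):
    """Return ({vlan: network}, {port: vlan}, {port: [vlans]} conflicts).
    A port whose hosts belong to more than one /24 is a conflict: it cannot
    be a single access port without defeating the segmentation."""
    vlans, port_vlan, conflicts = {}, {}, {}
    for port, hosts in port_hosts.items():
        seen = set()
        for host in hosts:
            vid, net = vlan_for(host)
            vlans[vid] = net
            seen.add(vid)
        if len(seen) == 1:
            port_vlan[port] = seen.pop()
        else:
            conflicts[port] = sorted(seen)
    return vlans, port_vlan, conflicts


def render_ios(vlans, port_vlan, conflicts, uplink="GigabitEthernet1/0/1"):
    """Render IOS config: VLANs, access ports, SVIs, and a dot1q uplink."""
    lines = ["ip routing", "!"]  # let the 3750 route between the SVIs
    for vid, net in sorted(vlans.items()):
        name = f"net-{net.network_address}".replace(".", "-")
        lines += [f"vlan {vid}", f" name {name}", "!"]
    for port, vid in sorted(port_vlan.items()):
        lines += [f"interface {port}", " switchport mode access",
                  f" switchport access vlan {vid}",
                  " spanning-tree portfast", "!"]
    for port, vids in sorted(conflicts.items()):
        # Fail closed: leaving this port in VLAN 1 would quietly bridge
        # two subnets back together. Remove 'shutdown' once the hosts are
        # re-addressed or the port is made a trunk to a managed switch.
        lines += [f"! {port}: hosts from VLANs {vids} share one port",
                  f"interface {port}", " shutdown", "!"]
    for vid, net in sorted(vlans.items()):
        gateway = net.network_address + 1  # assumption: .1 is the gateway
        lines += [f"interface Vlan{vid}",
                  f" ip address {gateway} {net.netmask}", "!"]
    allowed = ",".join(str(v) for v in sorted(vlans))
    lines += [f"interface {uplink}",
              " switchport trunk encapsulation dot1q",  # required on 3750
              " switchport mode trunk",
              f" switchport trunk allowed vlan {allowed}", "!"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_ios(*plan(PORT_HOSTS)))
```

Running it prints a config you can paste into a lab 3750; the conflict port comes out shut down with a comment explaining why, which is deliberate: a port that mixes two subnets is exactly the place where the broadcast and ARP leakage raptor wants to stop would reappear. The `switchport trunk allowed vlan` line on the uplink is the other check worth keeping: without it the trunk carries every VLAN, including ones you did not intend to extend to the next switch.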
 