PVLAN setup with Cat 2948G & Cat 6000/6500 help

Discussion in 'Cisco' started by swrightsls, Mar 31, 2007.

  1. swrightsls

    swrightsls Guest

    We have a campus LAN with a Cat 6006 with MSFC providing layer 3
    routing for approximately 12 VLANs, and about 40 edge switches, mostly
    2900XL and 3500XLs for client access. Most of the ports on the edge
    switches are set to use PVLAN Edge layer 2 security (i.e., "port
    protected" or "switchport protected"), which prevents any layer 2
    traffic between ports in the same VLAN on each edge switch. At the
    Cat6000 switch (not MSFC), specific VLAN ACLs further prevent certain
    VLANs from communicating with other clients in the same group of
    VLANs. This is designed to allow for campus student access to specific
    services while preventing peer-to-peer file sharing, etc., between any
    users on this group of VLANs, and it works as designed, provided PVLAN
    edge (protected ports) are enabled on all client switch ports.

    We are now trying to add some 2948G switches to this mix, and they do
    not support PVLAN edge, according to the Cisco PVLAN compatibility
    matrix, but do support full PVLAN modes. What is not clear to me is if
    and how we can combine both PVLAN edge switches currently in use, and
    the Cat 2948G full PVLAN functionality on the same network, where the
    2948G will be used as edge switches for the same group of VLANs. (All
    are dynamic VLANs assigned using VMPS on the Cat6000.)

    We will be bench testing this next week, but if anyone has experience
    in a mixed environment like this, or even just experience setting up the
    2948G or C4000/4500 as an edge switch with PVLANs, I'd appreciate any
    help you can offer. I'm aware of the caveat of requiring VTP mode to
    be transparent, but I'm not sure of other issues.

    swrightsls, Mar 31, 2007
