Private Vlan Question
So I understand how Private Vlans work and that they allow us to not waste IP space. My question is about how they help us save Vlan IDs?
Comments
-
Zartanasaurus
Member Posts: 2,008 ■■■■■■■■□□
If you had 100 customers and wanted to separate them at layer 2, how many vlans would you need?
How many would you need if you used private-vlans?Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Jackace
Member Posts: 335
Without private vlans you need 100. With private vlans you need 1 primary and 100 secondary. -
Zartanasaurus
Member Posts: 2,008 ■■■■■■■■□□
Why do you need 100 secondary? How do the secondary vlans work?Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Jackace
Member Posts: 335
I guesd what you are getting at is we can use the same isolated private vlan for all 100. I guess that is what my original question should have been. Can we use the same isolated private vlan for each user? If so then how do the switches know which port is which?
Edit - Okay I did some more digging and found a few Cisco docs on Private Vlans and an INE blog by Petr Lapukhov. The OCG doesn't do a very good job explaining this IMO. Yes we can use the same isolate private van for all isolated customers/users. Ports configured as isolated only talk with ports configured as promiscuous and no other ports. This allows us to use the same private vlan for all isolated ports. The promiscuous ports on the other hand can talk to all ports associated with same primary vlan assigned to that port. Petr did a good job explaining it for me and it made a lot more sense. You can find his blog at the link below.
http://blog.ine.com/2008/01/31/understanding-private-vlans/