[29407] in North American Network Operators' Group


Re: maximum active vlans in a cisco 6509

daemon@ATHENA.MIT.EDU (Bennett Todd)
Wed Jun 21 16:07:58 2000

Date: Wed, 21 Jun 2000 16:00:13 -0400
From: Bennett Todd <bet@rahul.net>
To: Stephen Sprunk <ssprunk@cisco.com>
Cc: nanog@merit.edu
Message-ID: <20000621160013.O474@rahul.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="zp3AMgPTa9Mf+MXm"
Content-Disposition: inline
In-Reply-To: <013501bfdbae$6fb72810$212544ab@glock>; from ssprunk@cisco.com on Wed, Jun 21, 2000 at 01:05:05PM -0500
Errors-To: owner-nanog-outgoing@merit.edu



2000-06-21-14:05:05 Stephen Sprunk:
> > supporting thousands of vlans
>
> Good luck.

Another Cisco dude pointed me at an exciting-sounding option here;
if I correctly understand the material at
<URL:http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_5_5/cnfg_gd/vlans.htm#xtocid2252917>,
the desired isolation and control may be achievable by configuring
one VLAN, and one big horking private VLAN, with each room assigned
an isolated port (in the isolated VLAN), and the router given a
promiscuous port (on the private VLAN). Normally that'd leave the
difficulty (and performance hit) of forcing a one-lung router for
any cross-chatter between isolated ports, but in this case it's
specifically desirable that they cannot talk to each other at all.

-Bennett
