08-17-2009 05:48 AM - edited 03-06-2019 07:16 AM
I am trying to configure LACP EtherChannel on a Cat-3560G.
I connected several servers to different Cat-3560G switches on isolated private-vlan ports. I have one backup system that I connect on a promiscuous port on one single Cat-3560G. All devices are in the same L2 domain. So far this works as expected.
Now I am trying to configure LACP EtherChannel for the backup system to increase throughput. I wanted to do it like in the Cisco Document ID: 98469. Unfortunately EtherChannel configuration is not possible on a private-vlan port.
Any workaround for this problem?
Thank you
08-19-2009 06:50 AM
You need to configure the channel on a non-private VLAN. That's the only workaround I know. You can always restrict the access with a VLAN ACL.
08-23-2009 11:28 PM
Ok. I will use ACL instead of private VLAN. Unfortunately it's not as simple as private VLAN and less secure (?)
08-24-2009 04:47 AM
Well, you can get almost as secure as you want it. You could use a VACL.
Basically you break it down like this:
ip access-list extended TRAFFIC
 permit (traffic incoming and outgoing to the VLAN)
then create your vlan access-map
vlan access-map TEST 10
 match ip address TRAFFIC
 action forward
vlan access-map TEST 20
 action drop
vlan filter TEST vlan-list 100 (number of your vlan)
In the first access-map that references the access-list TRAFFIC you permit all your traffic here. This traffic can be inside the vlan itself too.
example - permit tcp host 10.205.0.1 host 10.205.0.2 - In the same subnet
So this is a good way to secure traffic inside the vlan you apply to that port. You have full control over what is allowed inside and outside with this VACL.
Here's a good read:
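The workaround discussed in this thread, written out as one configuration. This is an added example, not part of the original posts: the subnet 10.205.0.0/24, the role of 10.205.0.1 as the backup system, the interface numbers, the channel-group number and the names BACKUP-ONLY and ISOLATE are assumptions.

```cisco
! Added example. Assumptions, not from the thread: VLAN 100 is 10.205.0.0/24,
! the backup system is 10.205.0.1 on Gi0/1-2, servers use the other addresses.

! Backup system: LACP bundle on ordinary access ports (no private VLAN).
interface range GigabitEthernet0/1 - 2
 switchport mode access
 switchport access vlan 100
 channel-group 1 mode active
!
! Permit only flows that have the backup system on one end. A VACL is
! stateless and sees every packet in the VLAN, so both directions are listed.
ip access-list extended BACKUP-ONLY
 permit ip host 10.205.0.1 10.205.0.0 0.0.0.255
 permit ip 10.205.0.0 0.0.0.255 host 10.205.0.1
!
! The map has an IP match clause, so IP packets that match nothing
! (server to server) are dropped by default; non-IP frames such as ARP are
! forwarded because the map has no MAC match clause.
vlan access-map ISOLATE 10
 match ip address BACKUP-ONLY
 action forward
!
! A VLAN filter is local to the switch: apply the same ACL, map and filter
! on every Cat-3560G that has server ports in VLAN 100.
vlan filter ISOLATE vlan-list 100
!
! Verify (exec mode):
! show vlan access-map ISOLATE
! show vlan filter
! show etherchannel summary
```

This filter keys on IP addresses where the private VLAN isolated by port, so the separation is only as reliable as the address assignment on the server ports.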