Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
602
Views
0
Helpful
3
Replies

EtherChannel on private-vlan ports 3560G

indicomtg
Level 1
Level 1

‎08-17-2009 05:48 AM - edited ‎03-06-2019 07:16 AM

I am trying to configure LACP EtherChannel on a Cat-3560G.

I connected several server to different Cat-3560G switches on isolated privat-vlan-port. I have one backup-system that I connect on promiscuous port on one single Cat-3560G. All devices are in the same L2 domain. So far this works like expected.

Now I am trying to configure LACP EtherChannel for the backup-system to increase throuput. I wanted to to like in the Cisco Document ID: 98469. Unfortunately EtherChannel configuration is not possible on private-vlan-port.

Any workaround for this problem?

Thank you

Labels:
0 Helpful
3 Replies 3

johnspaulding
Level 1
Level 1

‎08-19-2009 06:50 AM

You need to configure the channel on a non-private-vlan. Thats the only work around I know. You can always restrict the access with an VLAN ACL.

0 Helpful

indicomtg
Level 1
Level 1
In response to johnspaulding

‎08-23-2009 11:28 PM

Ok. I will use ACL instead of private VLAN. Unfortunately It's not as simple as privat VLAN and less secure (?)

0 Helpful

johnspaulding
Level 1
Level 1
In response to indicomtg

‎08-24-2009 04:47 AM

Well, You can get almost as secure as you want it. You could use a VACL

Basically you break it down like this:

access-list TRAFFIC permit (traffic incoming and outgoing to the VLAN)

than create you vlan access-map

vlan access-map TEST 10

match address TRAFFIC

action forward

vlan access-map TEST 20

action drop

vlan filter-list TEST vlan 100 (number of you vlan)

In the first access-map that referances the access-list TRAFFIC you permit all your traffic here. This traffic can be inside the vlan itself too.

example - permit tcp host 10.205.0.1 host 10.205.0.2 - In the same subnet

So thi is a good way to secure traffic inside the vlan you apply to that port. You have full control over what allowed inside and outside with this VACL

Here a good read:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swacl.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card