Is anyone using private VLANS in an ISP environment

Unanswered Question
Jun 29th, 2010
User Badges:

Hi, In order to avoid IP address wastage for customers we sell hosting services for, I want to implement private VLANs on our network. It seems this is the ideal time to use private VLANs, but I can't find much discussion or anything about actaully using them in a real world environment.


Is ther anyone who uses them as way to conserve IP addressing and are there any pros and cons to using them for this purpose?


Many Thanks in advance


Dom

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Tue, 06/29/2010 - 23:58
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hi, In order to avoid IP address wastage for customers we sell hosting services for, I want to implement private VLANs on our network. It seems this is the ideal time to use private VLANs, but I can't find much discussion or anything about actaully using them in a real world environment.


Is ther anyone who uses them as way to conserve IP addressing and are there any pros and cons to using them for this purpose?


Many Thanks in advance


Dom

Hi Dom,


If you want to use private address scheme in your lan and to have internet access you need to have public ip with private ip natted with one of the real ip address to have communication over the internet.


We used to implement private ip address and do routing stuff for private address in in local to oure network and configure natting with the available public ip address for internet connectivity or hosting a specific server in internet.


http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

mwdatacisco Fri, 07/09/2010 - 07:27
User Badges:

One way we have utilized VLAN's is to disallow inter-client communication.  We have vlans setup on our customers that drop into ip un-numbered vlan subinterfaces.  Has worked very well, but is a bit more administrative work to intially set up.

d-fillmore Fri, 07/09/2010 - 07:32
User Badges:

Hi, thanks for your post - Can you elaborate on the way you are doing this?

Are you using private VLANs?



Maybe I should have described my issue better - we have been allocated a range of 24 public addresses and I don't want to keep wasting 5 addresses for every colo/hosting deployment (1 subnet, 1 broadcast, 2 interface and 1 HSRP address)


Cheers, Dom

mwdatacisco Fri, 07/09/2010 - 07:37
User Badges:

Not really, it's a fairly basic setup.  I have a DSLAM configured for vlans on each customer port.  I then have a 802.1q trunk connected to the DSLAM and a trunk connected to the VLAN router.  On my vlan router I have the below configured:


interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0
no ip redirects
no cdp enable
!
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip unnumbered FastEthernet0/1
no cdp enable
!
interface FastEthernet0/1.3
encapsulation dot1Q 3
ip unnumbered FastEthernet0/1
no cdp enable
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip unnumbered FastEthernet0/1
no cdp enable


Of course this is on the public side but I changed the IP scheme for security purposes.  Hope this helps!

d-fillmore Fri, 07/09/2010 - 07:43
User Badges:

Thanks for sharing

Looks like an intuitive way of getting the benefits of private VLANs on a router.


Cheers, Dom

Actions

This Discussion