Private VLan Issues (PVLAN)

mtrf · ‎02-23-2003

we are going to purchase cisco 3550 switches for our DMZs setup, we would like to utilise the Private VLAN (PVLAN) features in order to protect our individual server from any attack or any compromise servers. Can any body highlight some more on this how best is this to configure pvlans in cisco 3550 switches and is there any issues with Checkpoint Firewall.

where I will get step by step commands. I searched on cisco site but lost myself for finding the step by step documentation.

I find one documentation which was very good but it is for cisco 6500 series switches. please see the link for that http://www.cisco.com/warp/customer/473/90.shtml

Thanks in advance

mchin345 · ‎02-28-2003

The Cisco 3550 family of switches support the private VLAN 'edge' feature (also called the protected port feature). To the best of my knowledge, there is one important difference between private VLAN edge and private VLAN. The Private VLAN edge feature has local significance only (to the switch on which configured). In other words, there is no isolation between two protected ports located on different switches. There are two documents you could refer to. One is 'Private VLAN - Catalyst Switch Support Matrix' at http://www.cisco.com/warp/public/473/63.html and the other is 'Configuring Port-Based Traffic Control' at http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12111ea1/3550scg/swtrafc.htm. Since you are just starting off with your 3550's, you could refer to the 3550 support page. Cisco.com> Technical Support> Hardware Support> LAN & ATM Switches > Catalyst 3500 Series Switches > Catalyst 3550 Series Switches.