Not if the only port that is a promiscuous port is the firewall interface. But you still need an ACL on that interface to stop a SQL server from one company communicating with a SQL server from another company, i.e. private VLANs would stop them communicating with each other at L2, but they could still communicate at L3 via the promiscuous port unless you use an ACL.
"can trunk ports facilitate such traffic" - not sure what you mean. Trunks will carry the vlan information and also any secondary vlan information for the private vlans.
"do private vlans eliminate vlan tagging etc" - no, not on a trunk link, as there would then be no way for switches to distinguish between vlans otherwise.
So all the companies sql servers are from the same IP subnet ?
There are alternatives to what you are proposing if you need full separation -
1) Use subinterfaces on your firewall and allocate sql servers into different IP subnets
Following on from 1) you could go one step further and use VRF-lite (if your switch supports it), and this provides complete separation at the control plane as well.
2) Use a context for each customer. You would obviously need context licenses on your firewall for this, if your firewall indeed supports contexts.
Generally speaking, unless you have an IP addressing issue I would look to deploy different companies' data on different vlans/subnets, i.e. each company has its own DMZ. Less prone to configuration errors.
Many thanks for your reply, it's greatly appreciated.
I'm using a Juniper firewall and I'm undecided on whether to use subinterfaces, each with its own IP subnet, or to use a single IP subnet and then implement private vlans on a couple of 3560E switches (can pvlans run over several switches?).
Thanks again for your help, it gives me more to think about.
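The private VLAN design discussed above (isolated SQL servers, the firewall as the only promiscuous port, private VLANs carried over a trunk to a second switch), written out as a constructed Catalyst 3560E configuration. This is an added example and not configuration posted by anyone in this thread; the VLAN numbers (100/101), interface names, descriptions and the /24 mentioned in comments are assumptions chosen for illustration. The ACL that must sit on the firewall interface to stop the L3 hairpin between companies is firewall-specific (the thread's firewall is a Juniper) and is not shown here.

```cisco
! Constructed example for a Catalyst 3560E; VLAN IDs, interface names and
! the 10.10.10.0/24 subnet in the comments are placeholders, not thread data.
! Private VLANs require the switch to run VTP in transparent mode (or VTP v3).
vtp mode transparent
!
! Primary VLAN 100 is the shared SQL subnet (e.g. 10.10.10.0/24).
! Secondary VLAN 101 is isolated: hosts in it cannot talk to each other at L2,
! only to promiscuous ports.
vlan 100
 private-vlan primary
 private-vlan association 101
vlan 101
 private-vlan isolated
!
! Each company's SQL server sits on its own isolated host port.
interface GigabitEthernet0/1
 description CompanyA-SQL
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
interface GigabitEthernet0/2
 description CompanyB-SQL
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! The firewall interface is the ONLY promiscuous port. Every isolated host can
! reach it and it can reach every isolated host, so the firewall could route
! CompanyA -> CompanyB traffic back out the same interface (an L3 hairpin).
! That path is closed only by an ACL on the firewall interface itself.
interface GigabitEthernet0/24
 description Firewall-inside
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Private VLANs span switches over an ordinary 802.1Q trunk: frames from
! isolated hosts cross the trunk tagged with the secondary VLAN (101), so
! tagging is still required. The vlan 100/101 definitions must be repeated on
! the second 3560E, because transparent-mode VTP does not propagate them.
interface GigabitEthernet0/48
 description Trunk-to-second-3560E
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,101
```

After applying it, `show vlan private-vlan` should list 100 as primary with 101 as its isolated secondary, and `show interfaces GigabitEthernet0/24 switchport` should show the port as promiscuous with the 100/101 mapping. If the mapping is missing on the firewall-facing port, the SQL servers lose all connectivity rather than just inter-company connectivity, which is the quickest sign the promiscuous side was mis-typed.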