1. Promiscuous - promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.
2. Isolated ? An isolated port has complete Layer 2 separation from the other ports within the same PVLAN, but not from the promiscuous ports. PVLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic from isolated port is forwarded only to promiscuous ports.
3. Community ? Community ports communicate among themselves and with their promiscuous ports. These interfaces are separated at Layer 2 from all other interfaces in other communities or isolated ports within their PVLAN.
So, based on limitation on Community PVlan, no communication is allowed between members from Group A and Group B.
I understand what you have said, but what would happen if Group A and Group B were two different customers connected to the same ISP and the two differnt pc's were actually web servers, and group A wanted to access Group B web server and vice versa.
What i am trying to get at is that, from what i know, if customer A (192.168.1.1) pinged customer B (192.168.1.2) it should never go to a router (default gateway) because they are on the same subnet.
So am i right in saying that different customers connected to the same ISP inplementing pVLANS (different communites and isolated) will NOT be able to communicate under ANY CIRCUMSTANCES?
Surely that cant be true...
The only thing i can think of is that the traffic goes to the promiscuous port and then gets routed from there, but then wouldnt that defeat the whole purpose of pVLANS!
You are correct, Private VLAN configuration alone will not restrict traffic from being routed properly between private vlans. You will need to at a minimum install ACLs on your router where the VLANs spawn, and VACLS at each L2 device where you intend to control access...
You can use promiscuous@primary Vlan to get your community to talk to each other. In this case, ACL is required. More or less, this is similar to the inter-vlan communication.
But among the main purpose of PVLAN is to group hosts in certain mode (promiscuous, isolated and community), where eventhough basically they belongs to the same main Vlan group, they are not allowed to talk to each other due to security reason, i.e spreading viruses, avoid hacking escalation and so on.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...