If you are working hard towards achieving the Cisco CCNP Switch 642-813 certification, Private VLANs will come into the picture: yes, they are part of the CCNP Switch 642-813 curriculum. Cisco designed Private VLANs (PVLANs) as a Layer 2 security feature. Under normal conditions, traffic in any given network is allowed to move unconditionally within a VLAN. What if you want to restrict the movement of traffic within a VLAN? That is where Private VLANs (PVLANs) come into the picture.
Private VLANs (PVLANs) are really just sub-VLANs inside a VLAN; they allow you to split a VLAN domain into multiple isolated subdomains. Just as inter-VLAN routing needs a Layer 3 device to forward packets, the same applies to Private VLANs (PVLANs): traffic between the isolated subdomains needs a Layer 3 device such as a Cisco router or Cisco multilayer switch.
To make things simpler, consider a network environment in which a service provider needs to connect servers belonging to different customers to the Internet. These servers must all be able to reach their first-hop router, but for security reasons, servers belonging to one customer must not be able to communicate with servers belonging to another. An obvious design solution for these requirements is to place each customer's servers in a separate VLAN, which also requires the assignment of a separate IP subnet per customer (even if they have only one server).
Creating separate VLANs wastes not only VLAN IDs but IP addresses as well. To overcome this, Private VLANs (PVLANs) were introduced as a more elegant alternative, allowing multiple devices to reside in the same IP subnet yet remain isolated from one another at Layer 2.
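As an added example (not from the original post), here is how the service-provider scenario above would be configured on a Cisco Catalyst switch running IOS: one primary VLAN carries the shared subnet, an isolated secondary VLAN holds single-server customers, a community secondary VLAN holds a customer with two servers that must talk to each other, and the router uplink is a promiscuous port. VLAN numbers, interface names and descriptions are assumed.

```cisco
! PVLANs require VTP transparent mode (VTP v1/v2 do not carry them)
vtp mode transparent
!
! Secondary VLANs must exist before they are associated with the primary.
! Isolated: hosts reach only promiscuous ports, never each other.
vlan 201
 name CUST-ISOLATED
 private-vlan isolated
!
! Community: hosts reach each other and promiscuous ports, nothing else.
vlan 202
 name CUST-B-COMMUNITY
 private-vlan community
!
! Primary VLAN: the single IP subnet shared by every customer
vlan 100
 name SP-PRIMARY
 private-vlan primary
 private-vlan association 201,202
!
! Customer A: one server, placed in the isolated VLAN
interface GigabitEthernet1/0/1
 description Customer A server
 switchport mode private-vlan host
 switchport private-vlan host-association 100 201
!
! Customer C: another single server in the same isolated VLAN;
! it shares the subnet with Customer A but cannot reach it at Layer 2
interface GigabitEthernet1/0/2
 description Customer C server
 switchport mode private-vlan host
 switchport private-vlan host-association 100 201
!
! Customer B: two servers that must talk to each other -> community VLAN
interface range GigabitEthernet1/0/3 - 4
 description Customer B servers
 switchport mode private-vlan host
 switchport private-vlan host-association 100 202
!
! First-hop router: promiscuous port, mapped to every secondary VLAN
interface GigabitEthernet1/0/24
 description Uplink to first-hop router
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 201,202
```

Verify the result with `show vlan private-vlan` and `show interfaces switchport`; also keep `ip local-proxy-arp` disabled on the router's interface, otherwise the router will answer ARP on behalf of isolated hosts and relay their traffic to each other at Layer 3, undoing the Layer 2 isolation.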
In an upcoming post we will see what terminology is used with Private VLANs (PVLANs) and how the different types are distinguished.