Re: [c-nsp] VRF-ish solution for L2 interfaces?
One other idea is that, depending on the details of what you're facing, you could do QinQ for the ports in question. Then you could effectively have VRF-like separation between them. dp -Original Message- From: randal k cisco...@data102.com Date: Wed, 6 Apr 2011 09:16:15 -0700 To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Subject: [c-nsp] VRF-ish solution for L2 interfaces? NSP'ers, For unfortunate reasons I am asking the collective if there is a way to do VRF-lite style segragation for layer-2 interfaces. Situation is that I have a 6509, and I need to make a single blade on the chassis have a completely separate VLAN database from the rest of the chassis, effectively letting me use a VLAN twice on the chassis without allowing them to talk to each other. I dig that this can be done with protected ports or PVLANs, but am hoping for a more assign all the ports to a new VRF-style solution. Thanks in advance! Randal ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] VRF-ish solution for L2 interfaces?
NSP'ers, For unfortunate reasons I am asking the collective if there is a way to do VRF-lite style segragation for layer-2 interfaces. Situation is that I have a 6509, and I need to make a single blade on the chassis have a completely separate VLAN database from the rest of the chassis, effectively letting me use a VLAN twice on the chassis without allowing them to talk to each other. I dig that this can be done with protected ports or PVLANs, but am hoping for a more assign all the ports to a new VRF-style solution. Thanks in advance! Randal ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VRF-ish solution for L2 interfaces?
On 06.04.2011, at 18:23, randal k cisco...@data102.com Situation is that I have a 6509, and I need to make a single blade on the chassis have a completely separate VLAN database from the rest of the chassis, effectively letting me use a VLAN twice on the chassis without allowing them to talk to each other. Why? Just buy a 2960 with 48 ports or use a platforn which creates virtual switches. Could you not just use for eg Vlan100 on module 1 and vlan200 on mod 2. you could then connect the second switch via access ports rather than trunks and translate the vlan in this way. - Very confusing however I dig that this can be done with protected ports or PVLANs, but am hoping for a more assign all the ports to a new VRF-style solution. A good solution if you need job security - dont think I would want to maintain this. Regards Andrew ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VRF-ish solution for L2 interfaces?
On 04/06/2011 05:16 PM, randal k wrote: NSP'ers, For unfortunate reasons I am asking the collective if there is a way to do VRF-lite style segragation for layer-2 interfaces. Situation is that I have a 6509, and I need to make a single blade on the chassis have a completely separate VLAN database from the rest of the chassis, effectively letting me use a VLAN twice on the chassis without allowing them to talk to each other. No. The VLAN space is chassis-global for LAN cards. One some WAN cards I believe you can do sub-interfaces where vlans are re-used, but I'm not sure if that's layer2 capable, and most of the WAN cards are pricey and low density so probably useless for your case. VLAN translation might be of some use to you, but you've got to be careful with the caveats (port groupings, limits on number of mappings) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VRF-ish solution for L2 interfaces?
On 06.04.2011 18:16, randal k wrote: NSP'ers, For unfortunate reasons I am asking the collective if there is a way to do VRF-lite style segragation for layer-2 interfaces. Situation is that I have a 6509, and I need to make a single blade on the chassis have a completely separate VLAN database from the rest of the chassis, effectively letting me use a VLAN twice on the chassis without allowing them to talk to each other. Could something like the UNI/NNI port types that are used on ME-switches like the ME3400 be a possibility? If you have a switch with several ports configured as UNI ports in the same VLAN, they won't be able to talk to each other, even though they are in the same VLAN. All traffic is required to go out via NNI uplink ports ... (not sure whether this feature is available on the 6500 series though) -garry ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VRF-ish solution for L2 interfaces?
Nexus 7k configured with two VDCs... Have a spare $150,000 to solve the problem? :-) -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of randal k Sent: Wednesday, April 06, 2011 11:16 AM To: cisco-nsp Subject: [c-nsp] VRF-ish solution for L2 interfaces? NSP'ers, For unfortunate reasons I am asking the collective if there is a way to do VRF-lite style segragation for layer-2 interfaces. Situation is that I have a 6509, and I need to make a single blade on the chassis have a completely separate VLAN database from the rest of the chassis, effectively letting me use a VLAN twice on the chassis without allowing them to talk to each other. I dig that this can be done with protected ports or PVLANs, but am hoping for a more assign all the ports to a new VRF-style solution. Thanks in advance! Randal ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VRF-ish solution for L2 interfaces?
There are virtual-switches on Juniper MXs which do precisely what you are asking for. Each virtual-switch has the entire VLAN space and their own spanning-tree configuration. From: Garry g...@gmx.de To: randal k cisco...@data102.com Cc: cisco-nsp cisco-nsp@puck.nether.net Sent: Wed, April 6, 2011 2:33:36 PM Subject: Re: [c-nsp] VRF-ish solution for L2 interfaces? On 06.04.2011 18:16, randal k wrote: NSP'ers, For unfortunate reasons I am asking the collective if there is a way to do VRF-lite style segragation for layer-2 interfaces. Situation is that I have a 6509, and I need to make a single blade on the chassis have a completely separate VLAN database from the rest of the chassis, effectively letting me use a VLAN twice on the chassis without allowing them to talk to each other. Could something like the UNI/NNI port types that are used on ME-switches like the ME3400 be a possibility? If you have a switch with several ports configured as UNI ports in the same VLAN, they won't be able to talk to each other, even though they are in the same VLAN. All traffic is required to go out via NNI uplink ports ... (not sure whether this feature is available on the 6500 series though) -garry ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] VRF-ish solution for L2 interfaces?
EVC with split horizon can also achieve something similar but I am not sure if 6500 supports it. -Waris -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Garry Sent: Wednesday, April 06, 2011 12:34 PM To: randal k Cc: cisco-nsp Subject: Re: [c-nsp] VRF-ish solution for L2 interfaces? On 06.04.2011 18:16, randal k wrote: NSP'ers, For unfortunate reasons I am asking the collective if there is a way to do VRF-lite style segragation for layer-2 interfaces. Situation is that I have a 6509, and I need to make a single blade on the chassis have a completely separate VLAN database from the rest of the chassis, effectively letting me use a VLAN twice on the chassis without allowing them to talk to each other. Could something like the UNI/NNI port types that are used on ME-switches like the ME3400 be a possibility? If you have a switch with several ports configured as UNI ports in the same VLAN, they won't be able to talk to each other, even though they are in the same VLAN. All traffic is required to go out via NNI uplink ports ... (not sure whether this feature is available on the 6500 series though) -garry ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
