I wonder if it isn't the "not ping local to bcast domain" aspects of private VLANs that make them attractive as much as it's the layer 2 protection you get to mitigate attacks on ARP, MAC table corruption/flooding, etc.

Aaron

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Hilliard
Sent: Tuesday, January 15, 2013 9:58 AM
To: Alex Pressé
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] list wisdom please, Cisco switches

On 15/01/2013 15:30, Alex Pressé wrote:
> Using private VLANs should make quick work of keeping traffic separate.

I don't get why people shouldn't be able to ping each other / etc. Isn't this traffic functionally equivalent to any other Internet traffic? What's different about it?

Nick
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/