Showing posts from December 27, 2009

Private VLANs (PVLANs)

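This evening an old colleague called to ask about Private VLANs, so I searched online for a clear, simple explanation and excerpted it below. What confuses people most is that a Private VLAN contains three types of port. I have listed the differences between them in plain terms:

Promiscuous - This kind of port usually connects the shared devices of the VLAN, such as the gateway or an external server.

Isolated - This kind of port can usually connect only to promiscuous ports. If you provide server colocation in an IDC and, to conserve IP addresses, do not want to split subnets and waste addresses needlessly, this port type is a good fit when different customers' hosts share one VLAN (with IPs in the same subnet) but must not reach one another.

Community - Devices on this kind of port can communicate directly with other devices on ports of the same community (for example, a customer colocates three hosts that use IPs in the same subnet and must interconnect, but must not connect to other customers' hosts in that subnet), and can also reach the gateway or external server on the promiscuous ports.

Private VLANs (PVLANs)

Until now, I thought PVLANs were a bit difficult to understand and to implement, like when studying for CCNP that took me a while to digest, and I had some doubts about it, till today! Man... how simple it is, and there's not much "magic" in that (like our friend Scott Morris usually says)! Pretty straightforward and no big deal! The Security VideoIPExpert is AWESOME. It's short, informative, to the point, and solved MANY questions I've had for a while in minutes! Man! What a nice way to do it!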
So, let's get…
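The three port types described above can be written as a small reachability model and used to audit a colocation port plan for cross-customer leaks. This is an added example, not code from the original post or the excerpted article; the port names, community labels and tenant labels are constructed, and it assumes that all hosts of one tenant are meant to interconnect.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Port:
    name: str
    kind: str            # "promiscuous", "isolated" or "community"
    community: str = ""  # community label, used only when kind == "community"
    tenant: str = ""     # owner of the attached device (constructed label)

def can_talk(a: Port, b: Port) -> bool:
    """Layer-2 reachability between two ports of the same private VLAN."""
    if "promiscuous" in (a.kind, b.kind):
        return True                         # shared gateway/server port reaches everyone
    if a.kind == b.kind == "community":
        return a.community == b.community   # only inside the same community
    return False                            # isolated ports reach promiscuous ports only

def audit(ports):
    """Return host-port pairs whose reachability contradicts tenant ownership."""
    findings = []
    hosts = [p for p in ports if p.kind != "promiscuous"]
    for a, b in combinations(hosts, 2):
        if can_talk(a, b) and a.tenant != b.tenant:
            findings.append((a.name, b.name, "cross-tenant reachability"))
        elif a.tenant == b.tenant and not can_talk(a, b):
            findings.append((a.name, b.name, "same-tenant hosts cannot interconnect"))
    return findings

# Constructed port plan for the hosting scenario in the text.
PORTS = [
    Port("Gi0/1", "promiscuous", tenant="provider"),   # gateway
    Port("Gi0/2", "isolated", tenant="cust-a"),
    Port("Gi0/3", "isolated", tenant="cust-b"),
    Port("Gi0/4", "community", "c1", "cust-c"),        # three interconnected hosts
    Port("Gi0/5", "community", "c1", "cust-c"),
    Port("Gi0/6", "community", "c1", "cust-c"),
    Port("Gi0/7", "community", "c1", "cust-d"),        # mistake: placed in cust-c's community
]

if __name__ == "__main__":
    for finding in audit(PORTS):
        print(finding)
```

Moving Gi0/7 to an isolated port, or to a community of its own, clears all three findings.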