Posts tagged as: Catalyst

Introduction to Private VLANs

by Tony Mattke on June 1, 2010



The concepts behind Private VLANs are in fact rather simple, but it is quite easy to get discombobulated in the details. In their simplest form, PVLANs can dissociate ports within a PVLAN as if they were on separate VLANs, but still allow them to communicate with a common default gateway. That is, these ports share a subnet but can be prevented from communicating with each other.

To accomplish this, we split our VLAN into sub-VLANs and classify these into one of three groups, depending on how we want to segregate traffic. These groups are as follows.

  • Promiscuous / P-port: This port type is allowed to send and receive from any other port on the VLAN. Typically this would be connected to a router.
  • Isolated / I-port: This type of port is only allowed to communicate with promiscuous ports; it is isolated not only from community ports but also from other isolated ports. You commonly see these ports connecting to hosts.
  • Community / C-port: Can only communicate with other C-ports and P-ports.

In our example, we’re using VLAN 100 as our primary VLAN. Our host machines will be set up on VLAN 101, which will be configured as Isolated. Our servers will be configured as Community ports on VLAN 102. Essentially, once established, VLAN 100 will forward frames from P-ports to I- and C-ports. VLANs 101 and 102 are considered secondary VLANs.

Measuring Cable Lengths on a Catalyst Switch

by Tony Mattke on May 21, 2010



A while back, I was playing on a 3750 switch in a customer's lab and came across something I’ve never seen before. It seems that some Cisco switches have a built-in time-domain reflectometer, or TDR. While this is pretty standard on something like my Fluke gear, it's nothing that I would expect to find on a Catalyst switch!

According to what I could find, this should be present on the 3560, 3750, and some modules for the 4500, 6500 and 7600 series. Quite an interesting feature if you ask me! This could be quite helpful for discovering cables that have been damaged. You can find the Cisco command reference for this feature here.

Switch#test cable-diagnostics tdr interface g1/0/12
TDR test started on interface Gi1/0/12
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.
Switch#show cable-diagnostics tdr int g1/0/12
TDR test last run on: May 21 21:31:09

Interface Speed Local pair Pair length        Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi1/0/14  auto  Pair A     25   +/- 4  meters N/A         Open
                Pair B     25   +/- 4  meters N/A         Open
                Pair C     24   +/- 4  meters N/A         Open
                Pair D     25   +/- 4  meters N/A         Open
