We have a campus LAN with a Cat 6006 with MSFC providing layer 3 routing for approximately 12 VLANs, and about 40 edge switches, mostly
2900XL and 3500XLs for client access. Most of the ports on the edge switches are set to use PVLAN Edge layer 2 security (ie: "port protected" or "switchport protected" ), which prevents any layer 2 traffic between ports in the same VLAN on each edge switch. At the Cat6000 switch (not msfc), specific VLAN ACLs further prevent certain VLANs from communicating with other clients in the same group of VLANs. This is designed to allow for campus student access to specific services while preventing peer to peer file sharing, etc, between any users on this group of VLANs, and it works as designed, provided PVLAN edge (protected ports) are enabled on all client switch ports.We are now trying to add some 2948G switches to this mix, and they do not support PVLAN edge, according to the Cisco PVLAN compatibility matrix, but do support full PVLAN modes. What is not clear to me is if and how we can combine both PVLAN edge switches currently in use, and the Cat 2948G full PVLAN functionality on the same network, where the
2948G will be used as edge switches for the same group of VLANs. (all are dynamic VLANs assigned using VMPS on the Cat6000)We will be bench testing this next week, but if anyone has experience in a mixed environment like, or even just experience setting up the
2948G or C4000/4500 as an edge switch with PVLANs, I'd appreciate any help you can offer. I'm aware of the caveat of requiring VTP mode to be transparent, but not sure of other issues.Thanks.