Nortel Networks Any Nortel Edge Switches With Private VLAN Features?

Posted by Will on September 24, 2006, 2:55 pm
Cisco switches support a security feature known as Private VLANs (PVLANs),
with one port used to uplink to a router or firewall port, and the remaining
ports configured as completely private? I'm not sure how Cisco defines
PVLAN, but the key attribute I must have for this product is that all data
must pass from a private port to the uplink port, with no possibility for
broadcast, arp, or layer 3 traffic to travel between private ports. This
must be true even if the host attached to a private VLAN port can
impersonate a different MAC address other than its own, and must be true
even if the host knows the target MAC address of a host on a different VLAN
port.

Since I will be using one of these switches for each segment attached to a
firewall, and the number of hosts is trivially small, I have no concerns
about density or about passing VLAN information across multiple switches.

What are my product options? I would like to identify both a fast ethernet
and a gigabit switch.

--
Will



Posted by Dophi on September 27, 2006, 9:21 pm
Unfortunately, Nortel switches don't support Private VLANs.
The only way to achieve your goal on a Nortel platform is ACLs, but
it's too hard to do.

Will wrote:
> Cisco switches support a security feature known as Private VLANs (PVLANs),
> with one port used to uplink to a router or firewall port, and the remaining
> ports configured as completely private? I'm not sure how Cisco defines
> PVLAN, but the key attribute I must have for this product is that all data
> must pass from a private port to the uplink port, with no possibility for
> broadcast, arp, or layer 3 traffic to travel between private ports. This
> must be true even if the host attached to a private VLAN port can
> impersonate a different MAC address other than its own, and must be true
> even if the host knows the target MAC address of a host on a different VLAN
> port.
>
> Since I will be using one of these switches for each segment attached to a
> firewall, and the number of hosts is trivially small, I have no concerns
> about density or about passing VLAN information across multiple switches.
>
> What are my product options? I would like to identify both a fast ethernet
> and a gigabit switch.
>
> --
> Will


Posted by Morten Rydahl Nielsen on September 29, 2006, 5:53 am

> Cisco switches support a security feature known as Private VLANs (PVLANs),
> with one port used to uplink to a router or firewall port, and the remaining
> ports configured as completely private? I'm not sure how Cisco defines
> PVLAN, but the key attribute I must have for this product is that all data
> must pass from a private port to the uplink port, with no possibility for
> broadcast, arp, or layer 3 traffic to travel between private ports. This
> must be true even if the host attached to a private VLAN port can
> impersonate a different MAC address other than its own, and must be true
> even if the host knows the target MAC address of a host on a different VLAN
> port.
>
> Since I will be using one of these switches for each segment attached to a
> firewall, and the number of hosts is trivially small, I have no concerns
> about density or about passing VLAN information across multiple switches.
>
> What are my product options? I would like to identify both a fast ethernet
> and a gigabit switch.
>
> --
> Will

Hi Will.
You can use the PVID setting on the ports to get something like this
functionality on most Nortel ethernet switches. The PVID defines the target VLAN
for an untagged port.
For 100Mb/s you can use the 470 switch, and for Gigabit the 5510.

1. Disable the "Auto PVID" global parameter (it is disabled by default).
2. Set all ports to "Untagged/Access", NOT Tagged.
3. Create 1 VLAN for the firewall, and 1 for each client.
4. Assign all VLANs to the firewall port, and set its PVID to the
firewall VLAN.
5. For each "client" port, assign the firewall VLAN and the one VLAN for
that client, with the PVID set to the client VLAN.

Traffic sent from the firewall will be seen by all client ports, but traffic
from a client will only be seen by the firewall.


Regards
Morten Rydahl
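To check what the PVID layout above actually guarantees, here is an added example (my own model, not code from Morten, Nortel, or anyone else in the thread) of how an untagged access port classifies a frame by its PVID and then forwards it only to ports that are members of that VLAN. The VLAN numbers, port names and MAC addresses are constructed for the demonstration, and the model assumes independent VLAN learning (one forwarding-table entry per VLAN and MAC), which is an assumption about the switch rather than something the post states. It exercises the three cases Will asked about: a client broadcast, a client forging another client's source MAC while addressing a third client's MAC directly, and a firewall reply; a single-VLAN "flat" configuration is included for contrast.

```python
from dataclasses import dataclass

# Constructed model of PVID-based classification and per-VLAN forwarding.
# Assumption (not from the post): independent VLAN learning, i.e. the
# forwarding table is keyed by (VLAN, MAC).

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Port:
    name: str
    pvid: int           # VLAN assigned to untagged frames arriving on this port
    members: frozenset  # VLANs this port is an untagged member of


class PvidSwitch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.fdb = {}   # (vlan, mac) -> port name, learned from ingress frames

    def ingress(self, port_name, src_mac, dst_mac):
        """Return the sorted list of ports that receive an untagged frame
        arriving on port_name with the given source and destination MAC."""
        vlan = self.ports[port_name].pvid      # classified by PVID, not by MAC
        self.fdb[(vlan, src_mac)] = port_name  # source learned in the ingress VLAN
        if dst_mac != BROADCAST:
            learned = self.fdb.get((vlan, dst_mac))
            if learned == port_name:
                return []          # destination sits behind the ingress port: filter
            if learned is not None:
                return [learned]   # known unicast within this VLAN: one egress port
        # Broadcast or unknown unicast: flood to every other member of the VLAN.
        return sorted(n for n, p in self.ports.items()
                      if n != port_name and vlan in p.members)


def build_asymmetric_config(n_clients=3):
    """Steps 3-5 of the post: VLAN 10 for the firewall and VLAN 10+i for
    client i. The firewall port is a member of every VLAN with PVID 10; each
    client port is a member of VLAN 10 and its own VLAN, PVID = its own VLAN."""
    fw_vlan = 10
    client_vlans = [fw_vlan + i for i in range(1, n_clients + 1)]
    ports = [Port("fw", fw_vlan, frozenset([fw_vlan, *client_vlans]))]
    for i, v in enumerate(client_vlans, start=1):
        ports.append(Port(f"client{i}", v, frozenset([fw_vlan, v])))
    return PvidSwitch(ports)


def build_flat_config(n_clients=3):
    """Contrast: every port in one VLAN, as on an unconfigured switch."""
    ports = [Port("fw", 1, frozenset([1]))]
    ports += [Port(f"client{i}", 1, frozenset([1])) for i in range(1, n_clients + 1)]
    return PvidSwitch(ports)


# Constructed MAC addresses for the demonstration.
MAC = {"fw": "02:00:00:00:00:fe", "client1": "02:00:00:00:00:01",
       "client2": "02:00:00:00:00:02", "client3": "02:00:00:00:00:03"}


def demo(build=build_asymmetric_config):
    sw = build()
    # Every host has already sent one frame, so all MACs have been learned.
    for name, mac in MAC.items():
        sw.ingress(name, mac, BROADCAST)
    return {
        # ARP request or other broadcast from a client
        "client_broadcast": sw.ingress("client1", MAC["client1"], BROADCAST),
        # client1 forges client2's source MAC and addresses client3's MAC
        "client_spoofed_unicast": sw.ingress("client1", MAC["client2"], MAC["client3"]),
        # the firewall answers client1
        "fw_to_client": sw.ingress("fw", MAC["fw"], MAC["client1"]),
    }


if __name__ == "__main__":
    for label, build in (("asymmetric", build_asymmetric_config),
                         ("flat", build_flat_config)):
        print(label, demo(build))
```

In the asymmetric layout a client frame is classified into that client's own VLAN on ingress, and the only other member of that VLAN is the firewall port, so neither a broadcast nor a unicast to a known neighbour MAC (spoofed source or not) can reach another client port; the flat layout forwards the same frame straight to client3. The model also reproduces the caveat in Morten's last paragraph: the firewall's reply is classified into the firewall VLAN, where client1's MAC was never learned, so it is flooded to every client port. With this design a firewall-to-client unicast is visible to the other clients, which is worth keeping in mind if the segments carry anything confidential.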


