Hi all!! I'd like to build the following network architecture: At this time, on our server farm 6500 switches, we have assigned some PVLANs to our web housing customers. Every customer is assigned to a PVLAN port. The gateway is a PIX firewall in high availability, configured in promiscuous mode. Example:

set vlan 3 name VLAN_HOUSING type ethernet pvlan-type primary
set vlan 31 name PVLAN_HOUSING type ethernet pvlan-type isolated
set pvlan 3 31
set pvlan 3 31 3-37/48,5/37-48,6/37-48
set pvlan mapping 3 31 3/4
set pvlan mapping 3 31 5/3

set vlan 299 name VLAN_Housing2 type ethernet pvlan-type primary
set vlan 399 name PVLAN_Housing2 type ethernet pvlan-type isolated
set pvlan 299 399
set pvlan 299 399 8/34-48,7/34-48
set pvlan mapping 9/4
set pvlan mapping 10/4

We have the same configuration for some community VLANs as well. Each of them corresponds to a port on the web farm firewalls (2 failover PIX).
I'd like to reduce the number of interfaces on the firewall and on the switch by using 1 Gb ports and configuring 802.1q or ISL VLAN tagging.
Do you think it may be possible?? If you think so, can you please send me some configuration hints?
Many thanks to all and good day!! P.S.: sorry for my poor English! :-))