Re: maximum active vlans in a cisco 6509
okay, now let's change venue: the hotel has copper pairs to all of the rooms that are terminated on a dslam. this dslam has only ethernet out and on the segment can provision each cable pair/customer to a vlan. these vlans are then aggregated into 10/100 switches in the basement uplinked to the corporate office via gige. then all those customer vlans end up being bridged 1483 to atm pvcs into an ssg.
what box could possibly aggregate all this gige, sar to atm, all the while supporting thousands of vlans
many thanks from hotel owners everywhere 8>
bob-
If you put all of the users on separate switch ports, then would they be able to snoop each other's traffic? At least the switches that I have seen prevent this behavior unless you put a particular switch port in "monitor" mode.
As long as all rooms in this hotel are on separate switch ports, you would basically be OK even without using VLANs.
Yes, multicast sessions, ARP requests etc can still be snooped.
Bora
2000-06-20-23:01:45 Roeland Meyer (E-mail):
Bob Biver: Tuesday, June 20, 2000 7:28 PM
> the docs say max 250, is this informational or a limit of spanning tree?
If I recall correctly, that's also real close to the maximum number of physical connections to the chassis, with all modules installed. Personally, I've never run anywhere near that number. I don't think it is useful to have less than 2 members in a vlan. You would also be surpassing the bandwidth limitations of that chassis, even if all the connections were 100baseTX.
For many uses, I think you certainly have a clear and reasonable point. But while I don't know what the original poster had in mind, I can fantasize a use for thousands of vlans, even on a switch that doesn't have thousands of distinct ports. And without necessarily exceeding available bandwidth.
Lessee, suppose I were designing something like an internet-access-for-hotel-rooms, or thereabouts. Or suppose otherwise I had thousands of users who didn't trust each other, at all, who I didn't want to have sniffing each other's traffic, who were just wanting to share access to an internet connection, itself less than 100BaseT, maybe even much less.
One way I could fantasize doing it would be to assign a separate VLAN to each port of as many different switches, interconnected with 802.1Q or ISL, as it took to provide ports to every room. Run one 802.1Q line into the one router in this picture, say a Linux box using iproute2 for traffic shaping.
Ok, so maybe 6509s would be way overkill for this application, no way you need that kind of backplane bandwidth. But as circumstances emerge where you want to have a fully-routed network (next step up the protocol ladder from a fully-switched network --- each host gets its own dedicated router port) I can anticipate settings where VLANs might get abused in a most remarkable way.
-Bennett
Sez "Bob Biver" <bbiver@hotmail.com>
> okay, now let's change venue: the hotel has copper pairs to all of the rooms that are terminated on a dslam. this dslam has only ethernet out and on the segment can provision each cable pair/customer to a vlan. these vlans are then aggregated into 10/100 switches in the basement uplinked to the corporate office via gige. then all those customer vlans end up being bridged 1483 to atm pvcs into an ssg.
Don't forget you'll have to have DSL CPE in every room; that's why most places use Ethernet in the first place.
> what box could possibly aggregate all this gige,
You don't state what kind of density you require, but several vendors build GE aggregation devices.
> sar to atm, all the while
Unless something's come out recently I wasn't aware of (likely), nobody can SAR at multi-Gbit speeds. In any case, why SAR it to ATM at the head end when you already have it there as packets? Isn't that counter-productive?
> supporting thousands of vlans
Good luck.
> many thanks from hotel owners everywhere 8>
May I suggest you reconsider your architecture?
> bob-
S
Stephen Sprunk, K5SSS, CCIE #3723
Network Design Consultant, HCOE
14875 Landmark Blvd #400; Dallas, TX
Email: ssprunk@cisco.com
2000-06-21-14:05:05 Stephen Sprunk:
> > supporting thousands of vlans
> Good luck.
Another Cisco dude pointed me at an exciting-sounding option here; if I correctly understand the material at <URL:http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_5_5/cnfg_gd/vlans.htm#xtocid2252917>, the desired isolation and control may be achievable by configuring one VLAN, and one big horking private VLAN, with each room assigned an isolated port (in the isolated VLAN), and the router given a promiscuous port (on the private VLAN). Normally that'd leave the difficulty (and performance hit) of forcing a one-lung router for any cross-chatter between isolated ports, but in this case it's specifically desirable that they cannot talk to each other at all.
-Bennett
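The forwarding behaviour discussed in this thread, as an added example that is not part of any poster's message: a small model comparing where a room's broadcast (such as an ARP request) is delivered on plain switch ports versus private-VLAN isolated ports, and how many VLAN IDs each design consumes. The port names, room numbers and function names are hypothetical, and the rule set is a simplified model, not Cisco's implementation.

```python
from dataclasses import dataclass

ISOLATED, PROMISCUOUS = "isolated", "promiscuous"


@dataclass(frozen=True)
class Port:
    name: str
    role: str  # used only by the private-VLAN rule below


def plain_allows(src, dst):
    """One shared VLAN: any port may reach any other port."""
    return src != dst


def pvlan_allows(src, dst):
    """Private VLAN: a frame passes only if one end is the promiscuous port."""
    return src != dst and PROMISCUOUS in (src.role, dst.role)


def flood_targets(src, ports, allows):
    """Names of the ports that receive a broadcast (e.g. ARP) sent from src."""
    return sorted(p.name for p in ports if allows(src, p))


def build_hotel(rooms):
    """Constructed sample topology: one router port plus one port per room."""
    router = Port("router", PROMISCUOUS)
    return [router] + [Port(f"room{n}", ISOLATED) for n in range(101, 101 + rooms)]


def vlans_needed(rooms, design):
    """VLAN IDs consumed: one per room, or primary + one isolated VLAN."""
    return rooms if design == "vlan-per-room" else 2


if __name__ == "__main__":
    hotel = build_hotel(3)
    guest = hotel[1]
    print("plain switch :", flood_targets(guest, hotel, plain_allows))
    print("private VLAN :", flood_targets(guest, hotel, pvlan_allows))
    for design in ("vlan-per-room", "private-vlan"):
        print(design, "->", vlans_needed(1000, design), "VLANs for 1000 rooms")
```
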
participants (3)
- Bennett Todd
- Bob Biver
- Stephen Sprunk