I did have a post to go with this, but I wasn’t feeling it so just decided to keep the quote because it fits this whole mess of a certification 😉

Completed items

  • Day 7 of cod
  • No labs were completed, no time

Goals for this week

  • Day 8 of the cod
  • Start the core lab workbook

I must admit I skipped through some of day 7 of the cod. I moved right through the classes on authentication for OSPF, RIP, EIGRP. I have them down pretty much now. I am starting to get close to completing the cod which is starting to feel like an accomplishment itself with everything else that is going on.

I am going to start out building up my core topics with lab workbook III this time instead of the full workbook II labs. I need to build up my core topics before even thinking about multicast, QoS, NTP, etc.

A very good read for a topic that seems to get very little exposure. I know in the Cisco Press books I have read, Private VLANs were only covered by a few pages here and there. I am sure if you work for a large ISP or network provider you are already very familiar with this topic, but for us little network people this is a nice read…

Due to the non-decreasing interest in the post about Private VLANs, I decided to make another one, more detailed – including a diagram and verification techniques.

To begin with, look at the concept of a VLAN as a broadcast domain. What Private VLANs (PVLANs) do is split the domain into multiple isolated broadcast subdomains. It’s a nesting concept – subVLANs inside a VLAN. Next, as we know, Ethernet VLANs are not allowed to communicate directly with each other – they require an L3 device to forward packets between broadcast domains. The same concept applies to PVLANs – since the subdomains are isolated at level 2, they need to communicate using an upper level (L3/packet forwarding) entity – such as a router. However, there is a difference here. Regular VLANs usually correspond to a single IP subnet. When we split a VLAN using PVLANs, hosts in different PVLANs still belong to the same IP subnet, but now they need to use a router (L3 device) to talk to each other (for example, by using local Proxy ARP). In turn, the router may either permit or forbid communications between sub-VLANs using access-lists.

Why would anyone need Private VLANs? Commonly, this kind of configuration arises in “shared” environments, say ISP co-location, where it’s beneficial to put multiple customers into the same IP subnet, yet provide a good level of isolation between them.

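The arrangement described in the excerpt, sketched as an added configuration example (not taken from this post or from the quoted article): two customers share one IP subnet, are separated at layer 2 by secondary VLANs, and reach each other only through a router that answers ARP for them and filters with an access-list. It assumes a Catalyst switch that supports Private VLANs and an IOS router; all VLAN IDs, interface names, the ACL name and the 192.0.2.0/24 addresses are constructed.

```cisco
! --- Switch (constructed values): primary VLAN 100, one sub-VLAN per customer ---
! PVLANs require VTP transparent mode with VTP versions 1 and 2
vtp mode transparent
!
vlan 101
 private-vlan community
vlan 102
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Host ports: ports in 101 and ports in 102 cannot exchange frames directly
interface FastEthernet0/1
 description Customer A host (192.0.2.10)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface FastEthernet0/2
 description Customer B host (192.0.2.20)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! Promiscuous port: the only port both sub-VLANs can reach
interface FastEthernet0/24
 description Uplink to router
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! --- Router (constructed values): L3 path between sub-VLANs in one subnet ---
ip access-list extended INTER-CUSTOMER
 ! hosts may still talk to the gateway itself
 permit ip 192.0.2.0 0.0.0.255 host 192.0.2.1
 ! one explicitly allowed flow between customers
 permit tcp host 192.0.2.10 host 192.0.2.20 eq 443
 ! everything else host-to-host inside the shared subnet is dropped
 deny   ip 192.0.2.0 0.0.0.255 192.0.2.0 0.0.0.255
 permit ip any any
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ! answer ARP for hosts in the same subnet so their traffic is sent to the router
 ip local-proxy-arp
 ip access-group INTER-CUSTOMER in
```

On the switch, `show vlan private-vlan` lists the primary and secondary VLAN association and the ports in each, which is the quickest check that the isolation is actually in place.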