This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Private vlan with fabric attach

Private vlan with fabric attach

Go to solution
SimoneZ
New Contributor II

‎08-28-2024 03:12 AM

Hello,

we want to deploy private vlans in our fabric attach infrastructure, in order to limit the traffic in the same subnet.

All the endpoints are connected to access switches (that are in SwitchEngine/EXOS), while core switches are used only as distribution layer.

For EXOS, I had this link as a reference

https://documentation.extremenetworks.com/exos_30.4/GUID-56B81F2C-8A3B-4303-A212-92322613EFAA.shtml

Where it is possible to extend the private vlans between switches. My question is, which configuration is needed on backbone switches (fabric engine), to extend the private vlans between access switches?

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Myra1
New Contributor

‎11-10-2024 09:14 AM

To set up a Private VLAN (PVLAN) with Fabric Attach, integrating a context like "Animesuge" for easier understanding, let's break down the basics: Private VLAN (PVLAN): A PVLAN is used in network segmentation to isolate traffic within the same VLAN, allowing for more secure and efficient traffic management. It consists of primary and secondary VLANs, where the secondary VLANs are either isolated or community VLANs, offering different levels of isolation among devices. Fabric Attach: This is a network automation protocol often used in Software Defined Networking (SDN) to simplify the deployment of network services. With Fabric Attach, the network automatically assigns VLANs and other configurations to connected devices, making network setup faster and less error-prone. Using Animesuge as an Example Context: Imagine Animesuge needs to isolate its servers (database, content delivery, web servers) for security while still being part of a larger network. By setting up a PVLAN, you can place each server type into isolated or community VLANs. Using Fabric Attach would then allow these servers to be dynamically assigned to the correct VLANs as they come online or change location within the network, enhancing both security and management efficiency.

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
Richard13
New Contributor

2 weeks ago

To extend Private VLANs (PVLANs) across switches in your Fabric Attach infrastructure, where access switches run SwitchEngine/EXOS and core switches are acting as the distribution layer with Fabric Engine (VOSS), you need to consider how to preserve the isolation and forwarding behavior of PVLANs across the fabric

  • Use PVLANs to isolate traffic within the same subnet.

  • Extend those PVLANs between access switches.

  • Use the Fabric Engine (VOSS) switches purely for transport, no direct endpoint connections or visit us: https://ds4-windows.us/ 

 

0 Kudos

Go to solution
Ludovico_Steven
Extreme Employee

‎11-25-2024 06:52 AM

If you deploy FabricEngine to the access, you can use PVLANs, and you can use RADIUS authentication (MAC based or 802.1X) to automatically place a user/device in the PVLAN of choice. These PVLANs will have L2 I-SID associated, so the PVLAN can easily span the entire fabric if needed. But note that Fabric Engine does not support PVLAN Community VLAN ids; all you have is the primary and secondary VLAN ids, for isolated and promiscuous users.

Switch Engine also supports PVLANs, including the PVLAN Communities. But if you are using Switch Engine FA Proxy access off a Fabric Engine Fabric FA Server(s), then PVLANs cannot be used, as Fabric Attach signalling can only signal 1 VID per I-SID. You would have to disable FA between the Switch Engine and the Fabric Engine, and q-tag trunk all the PVLANs manually.

0 Kudos

Go to solution
Myra1
New Contributor

‎11-10-2024 09:14 AM

To set up a Private VLAN (PVLAN) with Fabric Attach, integrating a context like "Animesuge" for easier understanding, let's break down the basics: Private VLAN (PVLAN): A PVLAN is used in network segmentation to isolate traffic within the same VLAN, allowing for more secure and efficient traffic management. It consists of primary and secondary VLANs, where the secondary VLANs are either isolated or community VLANs, offering different levels of isolation among devices. Fabric Attach: This is a network automation protocol often used in Software Defined Networking (SDN) to simplify the deployment of network services. With Fabric Attach, the network automatically assigns VLANs and other configurations to connected devices, making network setup faster and less error-prone. Using Animesuge as an Example Context: Imagine Animesuge needs to isolate its servers (database, content delivery, web servers) for security while still being part of a larger network. By setting up a PVLAN, you can place each server type into isolated or community VLANs. Using Fabric Attach would then allow these servers to be dynamically assigned to the correct VLANs as they come online or change location within the network, enhancing both security and management efficiency.
0 Kudos

Go to solution
Richard13
New Contributor
In response to Myra1

‎11-17-2024 09:22 AM

A Private VLAN (PVLAN) with Fabric Attach is a networking concept that combines the isolation benefits of private VLANs with the automated provisioning and configuration capabilities of Fabric Attach in modern network architectures.

Private VLAN Overview

  • Purpose: Used to enhance security and limit broadcast domains in a larger VLAN by subdividing it into smaller, isolated groups.
  • Types of Ports in PVLAN:
    • Promiscuous Ports: Can communicate with all other ports in the PVLAN.
    • Isolated Ports: Can only communicate with promiscuous ports, not with other isolated or community ports.
    • Community Ports: Can communicate with other community ports and promiscuous ports but not with isolated ports.

Fabric Attach Overview

  • Purpose: Simplifies the deployment of VLANs, PVLANs, and other network services by automating their configuration through dynamic signaling mechanisms.
  • Key Features:
    • Auto-discovery of VLANs and PVLAN configurations.
    • Integration with management platforms like IEEE 802.1Qbg (Edge Virtual Bridging) for network virtualization.
    • Simplified scaling for complex network architectures.
    • Visit for more information: https://aniwave.com.pl/
0 Kudos
Top
GTM-P2G8KFN