Monday, July 2, 2018

Forward all layer 2 traffic to default gateway

Hi everyone!

I've asked a similar question before, but I was not getting any answers that worked for me, so it occurs to me that maybe the question was wrong all along.

The problem we're having is this:

We are a small ISP that often deploys networks to condo and apartment buildings, often using a switched network in a pretty conventional router-on-a-stick topology. We then isolate the users from one another using switchport protection or PVLANs on the edge and aggregation switches, such that, while all hosts are in the same broadcast domain, they can only communicate upstream towards the router. The side effect is that any attempt to communicate laterally, say, from one host to another, fails completely, as it is blocked by switchport protection/PVLANs. This is all well and good, except for one problem: the users cannot communicate with one another AT ALL. I know this is expected and normal behavior, but I would like for them to be able to communicate with one another at least as well as any other 2 hosts with public addresses out in the world could, in a layer 3 fashion.

The most concise way that I can put it that would solve our issue, assuming this is possible, is this: Is there a way to get all of my switches to forward all traffic, even traffic that would otherwise be layer 2 across the network, to the router? The router would then see that the traffic is meant to go back down to the LAN and forward it back down. This would be ideal because the path of the traffic would be compatible with the switchport protection/PVLANs while still isolating the users from one another from a layer 2 perspective.
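A small model of the forwarding behaviour described above, added here as an example (it is not part of the original post): a switch applying the protected-port/PVLAN rule, and the router hairpinning LAN-to-LAN traffic back down the same interface. Port names, MAC and IP addresses are constructed, and the case where a host sends neighbour traffic to the router's MAC is an assumption the post does not confirm.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed sample topology modelling the post: one broadcast domain, every
# subscriber port isolated (protected), the router on the only promiscuous port.
ROUTER_PORT = "uplink"
ROUTER_MAC = "00:00:5e:00:01:01"              # constructed value
HOSTS = {                                      # port -> (mac, ip), constructed
    "eth1": ("02:00:00:00:00:01", "203.0.113.10"),
    "eth2": ("02:00:00:00:00:02", "203.0.113.20"),
}
PROMISCUOUS = {ROUTER_PORT}
MAC_TABLE = {mac: port for port, (mac, _) in HOSTS.items()}
MAC_TABLE[ROUTER_MAC] = ROUTER_PORT
IP_TO_MAC = {ip: mac for mac, ip in HOSTS.values()}

@dataclass
class Frame:
    in_port: str
    dst_mac: str
    dst_ip: str

def switch_egress(f: Frame) -> Optional[str]:
    """Protected-port/PVLAN rule: an isolated port may only reach a promiscuous port."""
    out = MAC_TABLE.get(f.dst_mac)
    if out is None or out == f.in_port:
        return None
    if f.in_port not in PROMISCUOUS and out not in PROMISCUOUS:
        return None                            # lateral L2 traffic dropped at the switch
    return out

def router_hairpin(f: Frame) -> Optional[Frame]:
    """Router: a packet for a directly connected host goes back out the same
    interface, re-addressed to that host's MAC (the detour the post describes)."""
    if f.dst_ip not in IP_TO_MAC:
        return None                            # not a LAN host: routed upstream instead
    return Frame(ROUTER_PORT, IP_TO_MAC[f.dst_ip], f.dst_ip)

def deliver(src_port: str, dst_ip: str, via_router: bool) -> str:
    """Port that finally receives the traffic, 'upstream', or 'dropped'. via_router=True
    assumes the host sends neighbour traffic to the router's MAC (e.g. the router
    answering ARP for it): an assumption, not something the post confirms."""
    dst_mac = ROUTER_MAC if via_router or dst_ip not in IP_TO_MAC else IP_TO_MAC[dst_ip]
    out = switch_egress(Frame(src_port, dst_mac, dst_ip))
    if out == ROUTER_PORT:
        back = router_hairpin(Frame(ROUTER_PORT, dst_mac, dst_ip))
        if back is None:
            return "upstream"
        out = switch_egress(back)
    return out or "dropped"
```

Direct host-to-host frames are dropped by the isolated-port rule, while the same traffic addressed to the router comes back down through the promiscuous port and is delivered.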
