[c-nsp] Private VLANS w/ Promiscuous port a trunk port?
Rafael Rodriguez
Rafael.Rodriguez at msmc.com
Tue Jul 15 15:37:21 EDT 2008
Hello all,
I am trying to figure out if the following will work:
Have a 6500 w/ sup2/msfc2 Native IOS.
Would like to configure some ports as Isolated Private VLAN ports.
These Isolated ports need to only speak to a 802.1q trunk port I have.
I believe I can't configure this 802.1q trunk port as a .1q trunk and a
Promiscuous port "switchport mode private-vlan promiscuous" at the same
time (its either "switchport mode trunk" or switchport mode priavte-vlan
promiscuous" - not both).
The .1q trunk port will carry lots of other VLANS. Behind this .1q trunk
port will be the L3 device responsible for the L3 portion of the Private
VLAN.
I need to make sure the Private VLAN can talk to the L3 device behind
the .1q trunk port... The .1q trunk port is kind of like a
router-on-a-stick.
# VID 100 Private VLAN
# VID 101 Isolated VLAN
vlan 100
private-vlan primary
vlan 101
private-vlan isolated
vlan 100
priavte-vlan association 101
interface GigabitEthernet1/1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100-200
switchport mode trunk
no ip address
load-interval 30
spanning-tree portfast trunk
interface GigabitEthernet1/2
switchport
switchport mode private-vlan host
switchport private-vlan host-association 100 101
spanning-tree portfast
Will something like that work?
Cheers,
RR
More information about the cisco-nsp
mailing list