[c-nsp] PVLAN Question
Sam Evans
wintrmte at gmail.com
Tue Jan 11 19:57:05 EST 2011
All,

I am trying to do a PVLAN implementation on one switch in a distribution /
access switch environment. Ideally, I'd like to just be able to use the
'isolated' command but we have a few devices that will need to talk to port
neighbors, so the PVLAN community would work well.

My challenge here is that the uplink port on the access switch is an 802.1q
trunk to the distribution. In reading the documentation and not really
fully understanding pvlans, if I set the uplink port to a promisc port I
lose connectivity to the distribution switch.

My config looks something like this (access switch):

vlan 101
 private-vlan isolated
!
vlan 102
 private-vlan community
!
vlan 140
 private-vlan primary
 private-vlan association 101-102
!
vlan 252
 name mgmt-net
interface Vlan252
 ip address 10.0.0.200 255.255.255.0
 no ip route-cache
 no ip mroute-cache
interface GigabitEthernet0/4
 description Uplink to distribution switch
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 140,252
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 spanning-tree guard loop
!

Configuration for distribution switch:

interface GigabitEthernet0/9
 description Trunk port to PVLAN switch
 switchport trunk allowed vlan 140,252
 switchport mode trunk
 spanning-tree guard loop

In the normal environment, vlan 140 works fine and servers can talk back to
the gateway (just that they can also talk to each other on the access
switch).

Any suggestions?