[c-nsp] PVLAN Question

Pavel Skovajsa pavel.skovajsa at gmail.com
Wed Jan 12 16:19:40 EST 2011


Actually there is a feature for this - "switchport private-vlan trunk", but
as far as I know it is only working on the C4500-ME sup.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/pvlans.html

I am waiting and waiting for this to be available on ME3400... and still
nothing.

-pavel

On Wed, Jan 12, 2011 at 2:32 AM, schilling <schilling2006 at gmail.com> wrote:

> promisc port has to be access port. So you need a loopback cable on
> your access switch with two vlan numbers for your primary vlan. For
> example vlan 140 and vlan 141, then your link to distribution will
> still be vlan 140, 252 trunk, but one end of loopback cable would be
> access vlan 140, the other end of the loopback cable will be access
> vlan 141. You can then set vlan 141 to be your primary vlan, and the
> end with access vlan 141 to be promisc port. So you have to use a
> loopback cable and two ports. Foundry/Brocade is the same way too.
>
> Schilling
>
> On Tue, Jan 11, 2011 at 7:57 PM, Sam Evans <wintrmte at gmail.com> wrote:
> > All,
> >
> > I am trying to do a PVLAN implementation on one switch in a distribution /
> > access switch environment.  Ideally, I'd like to just be able to use the
> > 'isolated' command but we have a few devices that will need to talk to port
> > neighbors, so the PVLAN community would work well.
> >
> > My challenge here is that the uplink port on the access switch is an 802.1q
> > trunk to the distribution.  In reading the documentation and not really
> > fully understanding pvlans, if I set the uplink port to a promisc port I
> > lose connectivity to the distribution switch.
> >
> > My config looks something like this (access switch):
> >
> > vlan 101
> >  private-vlan isolated
> > !
> > vlan 102
> >  private-vlan community
> > !
> > vlan 140
> >  private-vlan primary
> >  private-vlan association 101-102
> > !
> > vlan 252
> >  name mgmt-net
> >
> > interface Vlan252
> >  ip address 10.0.0.200 255.255.255.0
> >  no ip route-cache
> >  no ip mroute-cache
> >
> > interface GigabitEthernet0/4
> >  description Uplink to distribution switch
> >  switchport trunk encapsulation dot1q
> >  switchport trunk allowed vlan 140,252
> >  switchport mode trunk
> >  no logging event link-status
> >  no snmp trap link-status
> >  spanning-tree guard loop
> > !
> >
> > Configuration for distribution switch:
> >
> > interface GigabitEthernet0/9
> >  description Trunk port to PVLAN switch
> >  switchport trunk allowed vlan 140,252
> >  switchport mode trunk
> >  spanning-tree guard loop
> >
> > In the normal environment, vlan 140 works fine and servers can talk back to
> > the gateway (just that they can also talk to each other on the access
> > switch).
> >
> > Any suggestions?
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>
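
The loopback-cable workaround schilling describes above, written out as the access-switch end state. This is an added example, not configuration posted by anyone in the thread. VLAN numbers and the uplink come from the thread; the port numbers Gi0/1, Gi0/2, Gi0/10 and Gi0/11 are assumptions, as is platform support for private-vlan promiscuous and host ports.

```cisco
! Added example: port numbers Gi0/1, Gi0/2, Gi0/10, Gi0/11 are assumptions.
! VLAN 140 becomes an ordinary VLAN; the private VLAN primary moves to 141.
vlan 101
 private-vlan isolated
!
vlan 102
 private-vlan community
!
vlan 140
!
vlan 141
 private-vlan primary
 private-vlan association 101-102
!
! Uplink is unchanged: still a plain 802.1q trunk carrying 140 and 252.
interface GigabitEthernet0/4
 description Uplink to distribution switch
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 140,252
 switchport mode trunk
!
! Loopback cable, end A: ordinary access port in VLAN 140.
interface GigabitEthernet0/1
 description Loopback end A (cabled to Gi0/2)
 switchport access vlan 140
 switchport mode access
!
! Loopback cable, end B: promiscuous port for primary 141,
! mapped to both secondaries so isolated and community hosts reach it.
interface GigabitEthernet0/2
 description Loopback end B (cabled to Gi0/1)
 switchport private-vlan mapping 141 101-102
 switchport mode private-vlan promiscuous
!
! Host that must not talk to any other host port (isolated 101).
interface GigabitEthernet0/10
 switchport private-vlan host-association 141 101
 switchport mode private-vlan host
!
! Host that may talk to other members of community 102.
interface GigabitEthernet0/11
 switchport private-vlan host-association 141 102
 switchport mode private-vlan host
```

After applying, `show vlan private-vlan` lists the primary/secondary associations and their member ports, which is the quickest check that no host port was left in plain VLAN 140 where it would bypass the isolation.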

