Isolated PVLANs on Cisco 3750

san ju.
Level 1

Hello Team,

I've created this switch script to add new clients to my network. I will provide them with dedicated servers that need to be isolated, ensuring they cannot see each other's traffic. Below is the configuration.

!Primary VLAN 333

vlan 333
 private-vlan primary
 private-vlan association 334,335

!Secondary VLAN 334 (Isolated for Client 1)

vlan 334
 description Isolated VLAN for Client 1
 private-vlan isolated

!Secondary VLAN 335 (Isolated for Client 2)

vlan 335
 description Isolated VLAN for Client 2
 private-vlan isolated

!Configure the ports for Client 1 (VLAN 334)

interface Gi1/0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 333 334
 description Client 1 Port - Isolated to VLAN 334

!Configure the ports for Client 2 (VLAN 335)

interface Gi1/0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 333 335
 description Client 2 Port - Isolated to VLAN 335

I haven’t configured an SVI for the primary vlan on this 3750 and do not want to create it. The gateway for the secondary isolated PVLANs should be the router IP. The router is running on a Dell server connected to another Nexus 6k switch on Proxmox VE, and this Nexus switch is not running any PVLANs.

Note:
On this 3750, I have a few clients that do not require an isolated network and are successfully using the router IP as their gateway.

My concern is:

Where should I configure the promiscuous port, or is the current configuration sufficient for the secondary isolated VLAN to communicate with the router IP?

I’ve received a lot of valuable help from this community so far, and I would really appreciate it if anyone could assist me in resolving this concern.

Thanks,

Punkn

1 Reply

chrihussey
VIP Alumni

Hello, 

For starters, I believe you can only have a single isolated VLAN in a PVLAN domain. If, however, you create multiple community VLANs and only assign them to one user port, that would be a viable workaround if it won't get out of control. Also, if I understand your post, the secondary private VLANs are not associated with any L3 interfaces. They must use the L3 interface associated with the primary VLAN.

Hope this helps
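The configuration below is an added example, not the original poster's configuration and not a Cisco-supplied one. It puts together the two points of the reply (one isolated VLAN per primary, a community VLAN per client where a client has more than one server) and answers the original question about the promiscuous port: it belongs on the port through which the router is reached, because a host port in a secondary VLAN can only exit the switch via a promiscuous port or an SVI on the primary VLAN. VLAN numbers 333/334/335 are reused from the post; VLAN 336 and the port numbers Gi1/0/3 and Gi1/0/24 are assumptions chosen for illustration.

```cisco
! Added example (not the poster's config). Assumptions: Gi1/0/24 is the
! port facing the router, VLAN 336 and Gi1/0/3 are constructed for a third
! client. Private VLANs on the 3750 require VTP transparent mode.
vtp mode transparent
!
vlan 333
 name PVLAN-PRIMARY
 private-vlan primary
 private-vlan association 334,335,336
!
! A primary VLAN may have only one isolated secondary. Hosts in it cannot
! reach each other, so every single-server client can share it.
vlan 334
 name ISOLATED-SINGLE-SERVER-CLIENTS
 private-vlan isolated
!
! Community secondaries: members talk to each other and to the promiscuous
! port, but not to other secondaries. One community per multi-server client.
vlan 335
 name COMMUNITY-CLIENT-2
 private-vlan community
!
vlan 336
 name COMMUNITY-CLIENT-3
 private-vlan community
!
interface GigabitEthernet1/0/1
 description Client 1 server - isolated VLAN 334
 switchport mode private-vlan host
 switchport private-vlan host-association 333 334
!
interface GigabitEthernet1/0/2
 description Client 2 server - community VLAN 335
 switchport mode private-vlan host
 switchport private-vlan host-association 333 335
!
interface GigabitEthernet1/0/3
 description Client 3 server - community VLAN 336 (assumed port)
 switchport mode private-vlan host
 switchport private-vlan host-association 333 336
!
! Promiscuous port toward the router. Frames from every secondary VLAN are
! forwarded out here in primary VLAN 333, and the router's replies in 333
! are delivered to the matching host port, so the 3750 needs no SVI for 333.
interface GigabitEthernet1/0/24
 description Uplink to router - promiscuous (assumed port)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 333 334,335,336
!
end
!
! Checks after applying:
!   show vlan private-vlan
!   show interfaces GigabitEthernet1/0/24 switchport
```

Two consequences are worth checking before deploying. First, all secondaries share the primary VLAN's IP subnet, so the router's gateway address lives in the VLAN 333 subnet and every isolated or community host gets an address from that same subnet; the separation is at layer 2 only, and the router will happily route between two clients unless it is told not to. Second, on the 3750 the promiscuous port behaves like an access port in VLAN 333, not a trunk, so the link toward the router carries only the PVLAN domain; the existing non-isolated clients that already use the router as gateway keep their own uplink, and the router needs a separate interface or sub-interface for the PVLAN subnet.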
