Private VLAN Problem (Very Difficult)

I have a problem with Private VLAN. I searched for it on Google for three days, but no one uses this in a case as difficult as mine. Hope someone can help.

My core switch is a Cisco 4503, and I have two Cisco 2960 access switches. I have a router that supports many 802.1q subinterfaces.

I connect all devices to the core switch as follows:

Core GigabitEthernet1/1<-->Router GigabitEthernet1/1

Core GigabitEthernet1/2<-->Access2 GigabitEthernet1/1

Core GigabitEthernet1/3 <--> Access2 GigabitEthernet1/1

I have a lot of VLANs in the switch. I only want to isolate VLAN 100 traffic and allow it to the router only. I want to keep all other VLANs as normal.

Core

Vlan100
 name Wireless
 private-vlan primary
 private-vlan association 101

Vlan101
 private-vlan isolated

interface GigabitEthernet1/1
 description Connect to router with trunk link
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,99,100,401-440,501-540
 switchport private-vlan trunk allowed vlan 200,201
 switchport private-vlan mapping 200 201
 switchport mode private-vlan trunk promiscuous
 spanning-tree portfast trunk

interface GigabitEthernet1/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,100,401-440
 switchport private-vlan trunk native vlan 1
 switchport private-vlan trunk allowed vlan 100,101
 switchport private-vlan association trunk 100 101
 switchport mode private-vlan trunk
 switchport nonegotiate
 spanning-tree portfast trunk
end

interface GigabitEthernet1/3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,100,501-540
 switchport private-vlan trunk native vlan 1
 switchport private-vlan trunk allowed vlan 100,101
 switchport private-vlan association trunk 100 101
 switchport mode private-vlan trunk
 switchport nonegotiate
 spanning-tree portfast trunk
end

Access1

interface GigabitEthernet0/1
 description Connect to 4503
 switchport trunk allowed vlan 1,100,401-440
 switchport mode trunk
 switchport nonegotiate

Access2

interface GigabitEthernet0/1
 description Connect to 4503
 switchport trunk allowed vlan 1,100,501-540
 switchport mode trunk
 switchport nonegotiate

My whole network stopped after I entered the above commands.

Would anyone tell me what the problem is?

I have the following questions:

1) Would "switchport trunk allowed" and "switchport private-vlan trunk allowed vlan" be active at the same time?

2) My access switches do not support PVLAN. Does this mean I need to change VLAN100 to VLAN101?

3) On my router, should I keep the subinterface in VLAN100 or do I need to move it to VLAN101?

Thank you very much!