michaelchung
Level 1

I have a problem with Private VLAN. I searched for it on Google for three days, but no one uses this in a case as difficult as mine. Hope someone can help.

My core switch is a Cisco 4503, and I have two Cisco 2960 access switches. I have a router that supports many 802.1q subinterfaces.

I connect all devices to the core switch as follows:

Core GigabitEthernet1/1<-->Router GigabitEthernet1/1

Core GigabitEthernet1/2<-->Access2 GigabitEthernet1/1

Core GigabitEthernet1/3 <--> Access2 GigabitEthernet1/1

I have a lot of VLANs in the switch. I only want to isolate VLAN 100 traffic and allow it to reach the router only. I want to keep all other VLANs as normal.

Core

Vlan100
name Wireless
private-vlan primary
private-vlan association 101

Vlan101
private-vlan isolated

interface GigabitEthernet1/1
description Connect to router with trunk link
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,99,100,401-440,501-540
switchport private-vlan trunk allowed vlan 200,201
switchport private-vlan mapping 200 201
switchport mode private-vlan trunk promiscuous
spanning-tree portfast trunk

interface GigabitEthernet1/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,401-440
switchport private-vlan trunk native vlan 1
switchport private-vlan trunk allowed vlan 100,101
switchport private-vlan association trunk 100 101
switchport mode private-vlan trunk
switchport nonegotiate
spanning-tree portfast trunk
end

interface GigabitEthernet1/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100,501-540
switchport private-vlan trunk native vlan 1
switchport private-vlan trunk allowed vlan 100,101
switchport private-vlan association trunk 100 101
switchport mode private-vlan trunk
switchport nonegotiate
spanning-tree portfast trunk
end

Access1

interface GigabitEthernet0/1
description Connect to 4503
switchport trunk allowed vlan 1,100,401-440
switchport mode trunk
switchport nonegotiate

Access2

interface GigabitEthernet0/1
description Connect to 4503
switchport trunk allowed vlan 1,100,501-540
switchport mode trunk
switchport nonegotiate

My whole network stopped after I entered the above commands.

Would anyone tell me what the problem is?

I have the following questions:

1) Would "switchport trunk allowed" and "switchport private-vlan trunk allowed vlan" be active at the same time?

2) My access switches do not support PVLAN. Does that mean I need to change VLAN100 to VLAN101?

3) On my router, should I keep the subinterface in VLAN100 or do I need to move it to VLAN101?

Thank you very much!
