Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1038
Views
0
Helpful
5
Replies

Private VLAN with 3550

stefan.geiser
Level 1
Level 1

‎09-08-2004 06:37 AM - edited ‎03-02-2019 06:19 PM

I'm using a Cat 3550 Switch for a DMZ Szenario.

Beside a PIX Firewall there are severeal Servers connected to this Switch.

My intention is to use private-vlan to isolate the servers from one another.

now when I configure the Private-VLANS with

vlan 10

private-vlan primary

vlan 11

private-vlan isolated

but when I type a "show vlan private-vlan type" the following is displayed:

Vlan Type

---- -----------------

10 normal

11 normal

and a "show vlan private-vlan" reveals the follwing:

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

10 11 non-operational

is this a bug or is private-vlan in this sense not supported.

does anyone have an idea (beside using regular vlans for each server) how to solve this problem?

thanks

stefan

Labels:
0 Helpful
5 Replies 5

mcavuto
Level 1
Level 1

‎09-08-2004 06:44 AM

Try with the command under vlan 10:

private-vlan association 11

bye

Marco

0 Helpful

stefan.geiser
Level 1
Level 1
In response to mcavuto

‎09-08-2004 11:02 PM

thanks, this is what I've already done (forgot to mention it...)

still, the problem is the same

btw: I've also already upgrade to the newest IOS (12.2.22SE), with no effect...

0 Helpful

pflunkert
Level 4
Level 4
In response to stefan.geiser

‎09-09-2004 12:12 AM

PVLAN is not fully supported on the Cat 3550. Only the PVLAN Edge (Protected Port) is supported in the moment.

URL: http://www.cisco.com/en/US/partner/products/hw/switches/ps4324/products_tech_note09186a0080094830.shtml

regards

Peter

0 Helpful

stefan.geiser
Level 1
Level 1
In response to pflunkert

‎09-14-2004 06:13 AM

Yeah, I now. But still I don't understand what the PVLAN Edge feature includes and what not.

I've heard that you may not use PVLAN over multiple Switches, but in my case, this is not an issue.

I simply try to isolate multiple ports as PVLAN is intended for...

regards

Stefan

0 Helpful

pflunkert
Level 4
Level 4
In response to stefan.geiser

‎09-14-2004 09:51 PM

Hi Stefan,

for what you want, you need a switch which fully support PVLANs. The PVLAN edge (protected port) is a feature that has only local significance to the switch (unlike Private Vlans), and there is no isolation provided between two protected ports located on different switches. A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port in the same switch. Traffic cannot be forwarded between protected ports at L2, all traffic passing between protected ports must be forwarded through a Layer 3 (L3) device. PVLANs provide layer 2 isolation between ports within the same broadcast domain. There are three types of PVLAN ports:

Promiscuous: A promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.

Isolated: An isolated port has complete Layer 2 separation from the other ports within the same PVLAN, but not from the promiscuous ports. PVLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic from isolated port is forwarded only to promiscuous ports.

Community: Community ports communicate among themselves and with their promiscuous ports. These interfaces are separated at Layer 2 from all other interfaces in other communities or isolated ports within their PVLAN.

Regards

Peter

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card