Re: configuring pvlan on a hybrid switch and fwsm 3.1

ckwong · ‎07-30-2006

I need to configure pvlans behind fwsm on a hybrid 6500. My primary vlan is 601 and secondary vlan is 691. my fwsm is on module 2. When i do a 'set pvlan mapping 601 691 2/1-6", i received an error: "Trunking port cannot be made a Promiscuous port.Failed to set mapping between 601 and 691 on 2/1-6". In this case, how can do a mapping to promiscuous port? Or do i even need to specify a promiscuous port? Pls advise, thanks.

hknippenberg · ‎07-30-2006

The configuration guide for software version 3.1. refers to the use of private VLANs on page 2-3 "VLAN guidelines". When you make your primary VLAN a firewall-VLAN, then "the FWSM automatically handles secondary VLAN traffic"

ckwong · ‎07-31-2006

hi hknippenberg,

thanks for your reply. I read that document too. I am just confused on the switch end. Other than configuring L2 pvlans at the switch, do i need to specify a promiscuous port for the pvlans?

Btw, what does promiscuous port mean? Is it a L3 vlan or a L3 interface or L3 terminating device?

hknippenberg · ‎07-31-2006

Hi,

OK, you've got me there. I was busy studying a FWSM deployment with software 3.1 when I read your mail.

Based on what I read, you're done when you've created your switchports with PVLANS. When you assign the primary VLAN to the FWSM for routing/firewall functions, the FWSM learns the PVLAN config from the switch and honors it. Since the FWSM uses an EtherChannel as a backplane connection, and EtherChannels are not supported for PVLANs, I assume there's some hidden stuff going on in the backplane.

promiscuous mode is also used by packet sniffers to read more from the network than is directed to its local MAC address. It's a state in which a device operates.

Hope this is helpfull

Hans