
Can you connect a router to a promiscuous port on a primary private VLAN to route between different secondary community VLANs?

Sam Brynes

My best guess is no, because all hosts on the different community VLANs are using network number (e.g. 192.168.100.0/24).


For a router to route between different community VLANs associated with the same primary VLAN, the hosts on the community VLANs would need to be on different networks.

 

Am I understanding this correctly?


Hello

If I understand you correctly, you wish for two community vlans to be able to communicate with each other via the primary vlan. If that is correct, then yes, you can.

You will just require both vlans appended under the primary vlan L3 interface and map those vlans.

 

example:
Primary vlan 100
community vlan 110
community vlan 120

int vlan100
ip address 110.110.110.254 255.255.255.0
ip address 120.120.120.254 255.255.255.0 secondary
private-vlan mapping 110,120

Each host of either vlan 110, 120 would then need to have their D/G of the L3 addressing that is assigned under the primary vlan.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

In this example, the secondary VLANs have unique subnets. If all the secondary VLANs share the same IP space, I'm assuming this wouldn't work, correct?

Hello Sam


@Sam Brynes wrote:

In this example, the secondary VLANs have unique subnets. If all the secondary VLANs share the same IP space, I'm assuming this wouldn't work, correct?


At the L2 level, no, it won't.

As you are aware, vlans are used to segregate ip ranges into their own broadcast domains, so if they share the ip range then it would just be a large single domain and no requirement for multiple vlans. However, pvlans allow segregation in the same ip range, as you have stated. Can you verify your request, as I may have misunderstood your OP?



Kind Regards
Paul

Sure. I thought that the whole reason for PVLANs was to preserve IP space (every time you subnet you lose one for the network and another for the broadcast), and to provide additional broadcast domain segmentation (within a subnet). I could be wrong though?

Hello,

 

Post what you have configured and what works (or doesn't work) as expected. Or is this just a theoretical question?

Hello Sam

Yes, you are correct, it is, but aren't we talking about L3 interfaces?

You mentioned appending pvlan community vlans over L3 of the primary vlan, correct?

If you mean community vlans being able to reach each other over L2, then that isn't applicable. If you wish certain hosts in a pvlan to be able to communicate with each other, they simply need to be in the same community vlan. If you wish two community vlans to reach each other, then L3 is required. Can you please verify?



Kind Regards
Paul
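
Added example, not part of the thread: a small Python model of the two cases discussed above (the unique-subnet configuration with 110.110.110.0/24 and 120.120.120.0/24, and the shared 192.168.100.0/24 case from the original question). Host addresses and the `l2_permitted` / `path` names are constructed for illustration; the model assumes hosts ARP directly for on-link destinations and nothing answers ARP on their behalf.

```python
from ipaddress import ip_interface

# Constructed model for illustration, not switch code.
# A port is (role, secondary VLAN id); all ports share primary VLAN 100.
PROMISC, COMMUNITY = "promiscuous", "community"
GATEWAY = (PROMISC, 100)  # router / SVI side mapped to communities 110 and 120

def l2_permitted(src, dst):
    """Private VLAN layer-2 rule between two ports of one primary VLAN."""
    (s_role, s_vlan), (d_role, d_vlan) = src, dst
    if PROMISC in (s_role, d_role):
        return True              # promiscuous port reaches every mapped secondary
    return s_vlan == d_vlan      # community ports: same community only

def path(src_host, dst_host, gateway_port=GATEWAY):
    """Return 'direct', 'routed' or 'blocked' for traffic from src to dst."""
    src_if = ip_interface(src_host["ip"])
    dst_ip = ip_interface(dst_host["ip"]).ip
    if dst_ip in src_if.network:
        # On-link by the host's own mask: it ARPs for dst, never for the gateway.
        ok = l2_permitted(src_host["port"], dst_host["port"])
        return "direct" if ok else "blocked"
    # Off-link: the frame goes to the default gateway on the promiscuous port,
    # which then delivers it to dst at layer 2.
    ok = (l2_permitted(src_host["port"], gateway_port)
          and l2_permitted(gateway_port, dst_host["port"]))
    return "routed" if ok else "blocked"

# Constructed hosts: unique subnet per community VLAN (as in the reply's example).
uniq_a = {"ip": "110.110.110.10/24", "port": (COMMUNITY, 110)}
uniq_b = {"ip": "120.120.120.10/24", "port": (COMMUNITY, 120)}
# Constructed hosts: one subnet shared by both community VLANs (the question's case).
shared_a = {"ip": "192.168.100.10/24", "port": (COMMUNITY, 110)}
shared_b = {"ip": "192.168.100.20/24", "port": (COMMUNITY, 120)}
shared_c = {"ip": "192.168.100.30/24", "port": (COMMUNITY, 110)}

if __name__ == "__main__":
    print("unique subnets, 110 -> 120:", path(uniq_a, uniq_b))
    print("shared subnet,  110 -> 120:", path(shared_a, shared_b))
    print("shared subnet,  110 -> 110:", path(shared_a, shared_c))
```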