Hi Community,

Basically our pvlan implementation is working well in our DC => FEX interfaces configured in mode pvlan host and a promiscuous defined at our core switch allow a secured communication. 

Now we are trying to implement dvSwitch with the pvlan feature in order to prevent the VMs communication within the same ESX.

I understand that we just need to extend the pvlan across 802.1q trunk (just like normal vlans) then the dvSwitch will enforce the pvlans communication.

The problem is when adding in Hif the pvlans on the trunk as regular vlans it won’t allowed them

Let’s say we have vlan 10 is primary – vlan 11 isolated – vlan 12 community. When trying to configure a Hif as regular trunk on both N5k =>

interface Ethernet121/1/11

switchport mode trunk

switchport trunk allowed vlan 10,11

The vlan are not allowed on the trunk (even if the allowed range is 10-12).

sh interface Eth121/1/11 trunk

Port                    Vlans Allowed on Trunk

Eth121/1/11          -

======================

As soon as we unconfigure the pvlan primary/secondary feature from the vlans ( no private-vlan) – vlan 10-11 or 12 are allowed on the trunk again.

To sum-up does someone has already pvlan configured on N5K/N2k and try to forward them as regular vlan through a trunk on a N2K HOST interface ?

Is it possible to connect a ESX with dvSwitch & PVLANs configured through a N2k interface ?

Or am I missing something ?

I suppose it will work by connecting the ESX directly to the N5k.

N5K-C5548P - 5.0(3)N1(1c)  / N2K-C2248TP-1GE

Thanks for any suggestions !

Karim