02-22-2011 08:53 PM - edited 03-06-2019 03:42 PM
Hi,
I just wanted to know if Cisco WS-3750G-48TS supports trunking "private-vlans". IOS running is 12.2(44)SE2.
I would like to know if we could trunk private VLANs across 2 * 3750's. The interconnecting port doesn't seem to support "switchport mode private-vlans trunk".
Can someone help?
Regards
Kishore
02-23-2011 02:54 AM
Hello Kishore,
Private VLANs can be correctly transported through normal trunks, and this is their most common application. There are two additional types of trunks for Private VLANs that perform specialized modification of the 802.1Q tag in egress frames; however, these kinds of trunks are necessary only in special scenarios. Are you sure you need a promisc PVLAN or an isolated PVLAN trunk?
I have described their differences in another thread here on CSC:
https://supportforums.cisco.com/message/3160548#3160548
In any case, the 3750 does not seem to support special PVLAN trunks. These are supported only on 4500 and higher Catalysts. 3750 supports only regular trunks that are appropriate for most PVLAN deployments.
Best regards,
Peter
02-23-2011 03:52 AM
Hi Peter,
Thanks for the response. Appreciate that. Read your other thread. I was shopping around on Google and came across this thread, to which you added some input as well some time ago. But in this case, instead of a firewall, I have another 3750 switch.
https://supportforums.cisco.com/message/3181019
What I am looking for is a trunk that will trunk primary VLANs and also the regular VLANs as well on a 3750. I am attaching the network setup. Please ignore the router as it's not there.
So apart from the primary VLAN 100, I have regular VLANs 500, 600, 700. So, what I want to achieve is to trunk the primary VLAN 100 and also the regular VLANs as well.
Hope I am making myself clear here.
Regards,
Kishore
02-23-2011 04:37 AM
Hi Kishore,
You are welcome.
If I understand you correctly you want to trunk all VLANs, both private and regular, between your switches without any further modification. Is that so? If yes then the regular trunks will do just that.
Regular trunks (switchport mode trunk) carry all VLANs including private VLANs (primary and secondary VLAN IDs) and all other VLANs. They do not perform any 802.1Q tag rewriting and simply carry all frames with their proper VLAN ID. Is this what you want?
Best regards,
Peter
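A configuration sketch of the regular-trunk setup described in the reply above, added here as an illustration and not part of the original thread. VLAN 100 (primary) and VLANs 500, 600, 700 come from the thread; the secondary VLANs 101 and 102 and the interface numbers are assumptions.

```cisco
! Constructed example. Apply the same VLAN definitions on both 3750s:
! in VTP transparent mode they are not propagated between switches.
!
! With VTP version 1 or 2, private VLANs require transparent mode.
vtp mode transparent
!
! Secondary VLANs (IDs 101 and 102 are assumed for illustration)
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
!
! Primary VLAN from the thread, associated with its secondaries
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Regular (non-private) VLANs from the thread
vlan 500,600,700
!
! Inter-switch link: a regular 802.1Q trunk with no tag rewriting.
! The secondary VLAN IDs must be allowed next to the primary,
! otherwise isolated/community traffic is dropped at the trunk.
interface GigabitEthernet1/0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100-102,500,600,700
!
! Host port in the isolated secondary VLAN (port number assumed)
interface GigabitEthernet1/0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Verify on each switch:
!   show vlan private-vlan
!   show interfaces trunk
```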
02-27-2011 07:38 PM
Hi Peter,
Sorry for the late response. I guess what I need is a 4500 connecting the Layer3 device to get a promiscuous trunk (as 3750's don't support that) and everything else can be just regular trunks between the 3750 switches. Would I be right?
Thanks again,
I like your explanation which you gave in the other post. Very detailed and clear.:-)
02-27-2011 10:59 PM
Hi Kishore,
I guess what I need is a 4500 connecting the Layer3 device to get a promiscuous trunk (as 3750's don't support that) and everything else can be just regular trunks between the 3750 switches. Would I be right?
It depends on your needs. Please note that a promiscuous PVLAN trunk replaces the secondary VLAN IDs with the primary VLAN ID, and so "NATs" all the secondary PVLANs behind the primary PVLAN. Is this what you want? Do you need to attach a device to your network that does not understand Private VLANs but still needs to speak 802.1Q? Please note that if the device does not need to be placed on a trunk port then it can be connected to a promiscuous port (not a trunk - just a PVLAN promisc port) and all will be well.
Can you perhaps better explain your needs? I guess we're somewhat stuck at this point because I do not understand correctly your intentions.
Best regards,
Peter
02-28-2011 01:26 AM
Hi Peter,
It depends on your needs. Please note that a promiscuous PVLAN trunk replaces the secondary VLAN IDs with the primary VLAN ID, and so "NATs" all the secondary PVLANs behind the primary PVLAN. Is this what you want? Do you need to attach a device to your network that does not understand Private VLANs but still needs to speak 802.1Q?
--- Yes, we will be connecting a Cisco ASA which would be doing the layer3 functionality
Please note that if the device does not need to be placed on a trunk port then it can be connected to a promiscuous port (not a trunk - just a PVLAN promisc port) and all will be well.
--- This has to be a trunk as we will be using multiple primary VLANs
Please see attached diagram. Instead of a router, we will be using a Cisco ASA 5520.
Regards,
Kishore
02-28-2011 01:54 AM
Hi Kishore,
Yes, you are correct, then - the trunk to the ASA needs to work as promisc PVLAN trunk. A 4500 would be necessary for this. How many primary PVLANs do you have?
Best regards,
Peter
02-28-2011 02:09 AM
Hi Peter,
Thanks for the quick response. We have quite a few, still in design phase...for OOB mgmt etc.. I really appreciate your help and explanation.
Thanks heaps again.
Regards,
Kishore