Hi Peter,

Thanks for the response. Appreciate that. Read your other thread. I was shopping around on Google and came across this thread which you added some input as well sometime ago. But in this case instead of a firewall. I have another 3750 switch.

https://supportforums.cisco.com/message/3181019

What I am looking for is a trunk that will trunk Primary VLAN's and also the regular vlans as well on a 3750. I am attaching the network setup.PLease ignore the router as its not there.

So apart from the primary vlan 100,, I have regular vlans 500,600,700. So, what i want to achieve is to trunk the primary vlan 100 and also the regular vlans as well.

Hope I am making myself clear here.

Regards,

Kishore

Hi Kishore,

You are welcome.

If I understand you correctly you want to trunk all VLANs, both private and regular, between your switches without any further modification. Is that so? If yes then the regular trunks will do just that.

Regular trunks (switchport mode trunk) carry all VLANs including private VLANs (primary and secondary VLAN IDs) and all other VLANs. They do not perform any 802.1Q tag rewriting and simply carry all frames with their proper VLAN ID. Is this what you want?

Best regards,

Peter

Hi Peter,

Sorry for the late response. I guess what I need is a 4500 conencting the Layer3 device to get a promiscous trunk (as 3750's dont support that) and everythig else can be just regular trunks between the 3750 switches. Would I be right?

Thanks again,

I like your explanation which you gave in the other post. Very detailed and clear.:-)

Hi Kishore,

I guess what I need is a 4500 conencting the Layer3 device to get a promiscous trunk (as 3750's dont support that) and everythig else can be just regular trunks between the 3750 switches. Would I be right?

It depends on your needs. Please note that a promiscuous PVLAN trunk replaces the secondary VLAN IDs with the primary VLAN ID, and so "NATs" all the secondary PVLANs behind the primary PVLAN. Is this what you want? Do you need to attach a device to your network that does not understand Private VLANs but still needs to speak 802.1Q? Please note that if the device does not need to be placed on a trunk port then it can be connected to a promiscuous port (not a trunk - just a PVLAN promisc port) and all will be well.

Can you perhaps better explain your needs? I guess we're somewhat stuck at this point because I do not understand correctly your intentions.

Best regards,

Peter

Hi Peter,

It depends on your needs. Please note that a promiscuous PVLAN trunk replaces the secondary VLAN IDs with the primary VLAN ID, and so "NATs" all the secondary PVLANs behind the primary PVLAN. Is this what you want? Do you need to attach a device to your network that does not understand Private VLANs but still needs to speak 802.1Q? 
---Yes, we will be connecting a CIsco ASA which would be doing the layer3 functionality
Please note that if the device does not need to be placed on a trunk port then it can be connected to a promiscuous port (not a trunk - just a PVLAN promisc port) and all will be well.
--- This has to be a trunk as we will using multiple primary vlans

Please see attached diagram. Instead of a router, we will be using a Cisco ASA 5520.

Regards,

Kishore

Hi Kishore,

Yes, you are correct, then - the trunk to the ASA needs to work as promisc PVLAN trunk. A 4500 would be necessary for this. How many primary PVLANs do you have?

Best regards,

Peter

Hi Peter,

Thanks for the quick response. We have quite a few, still in design phase...for OOB mgmt etc.. I really appreciate your help and explanation.

Thanks heaps again.

Regards,

Kishore