Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
538
Views
0
Helpful
3
Replies

Connecting two Catalyst IOS switches using private-vlan isolated ports

Go to solution
chad patterson
Level 1
Level 1

‎09-13-2018 05:21 PM - edited ‎03-08-2019 04:09 PM

Hello all,

 I am trying to connect two switches together using two ports. Rather than using STP or something, I am trying to prevent looping by implementing private vlans; to isolate the ports from one another.

 

On Switch #1, I have created two private-vlan isolated ports. 

On Switch #2, I connect two access-ports to the Switch #1 isolated ports.

So in theory (my theory), any device connected to Switch #2 should be able to ping any other device connected to Switch #2.  However any device on Switch #1 should not be able to ping any device on Switch #2.

 

But that is NOT what is happening. Nothing on Switch #2 can communicate with Switch #1, and vice versa. But when I set the ports on switch#1 to be promiscuous rather than isolated, everybody can communicate. But that's not what I'm going for; I am trying to allow only vlan 101 outbound traffic from switch#2 to pass through switch#1. 

 

Can somebody please explain why this not working as I expect it to, and if it is indeed possible to make this work as expected?

 

 

deleteme1.jpgdeleteme2.jpg

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
chad patterson
Level 1
Level 1

‎09-18-2018 10:29 AM

I found the answer to the problem.  

 

I was running this simulation in VIRL, and when I changed the Switch#2 to an unmanaged switch, then it worked as expected. So it seems that as long as the switch recognizes PVLAN tagging, then this is not possible.

 

deleteme.answer.too.PNGdeleteme.answer.PNG

 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-13-2018 11:46 PM

How is the configuration done between Switches.

 

look at sample configuration and setup as below :

 

https://www.cisco.com/c/en/us/support/docs/lan-switching/private-vlans-pvlans-promiscuous-isolated-community/40781-194.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
chad patterson
Level 1
Level 1
In response to balaji.bandi

‎09-14-2018 09:03 AM - edited ‎09-21-2018 03:31 PM

@balaji.bandi: Thanks for posting a link to the page where I obviously got the diagram from. 

 

The configuration between the switches is what the included configuration is in the diagram. The top switch is Switch#1 and the bottom diagram is Swtich#2. I am trying to put the private-vlan isolated ports on Switch#1, and connect the host to switch to Switch#2.

 

So to sum it all up, I am basically trying to connect two switches together using private-vlan isolated ports. 

 

My question is, why isn't that working? Is it possible to make it work, and if so, how?

0 Helpful

Go to solution
chad patterson
Level 1
Level 1

‎09-18-2018 10:29 AM

I found the answer to the problem.  

 

I was running this simulation in VIRL, and when I changed the Switch#2 to an unmanaged switch, then it worked as expected. So it seems that as long as the switch recognizes PVLAN tagging, then this is not possible.

 

deleteme.answer.too.PNGdeleteme.answer.PNG

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card