Isolated PVLAN Trunk Port to non PVLAN Switch

David Kondicz · ‎07-02-2016

Hi all,

i am trying to configurate Isolated PVLAN Trunk Port on my Cat4500e Sup7 on downlink port to NON PVlan Cat 2960s Switch.

I need to forward Vlan 30 (non isolated) and Vlan 50 (Secondary Vlan 501 as isolated)

I used this config on Cat 4500e:

Switch# configure terminal
Switch(config)# interface gig 5/2
Switch(config-if)# switchport mode private-vlan trunk secondary
Switch(config-if)# switchport private-vlan trunk allowed vlan 30,50,501
Switch(config-if)# switchport private-vlan association trunk 50 501

I used this config on Cat 2960s:

Switch# configure terminal
Switch(config)# interface gig 0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 30,50

On cat 4500e show mac add int gi 5/2 can see only Multicast MAC addresses for vlan 50.

Vlan 30 looks OK.

Anyone any idea?

Isolation localy on cat4500e works ok, but i need to make several trunks to non pval switches like cat 2960x,3560x,3650...

Thank you

Br

Dave

David Kondicz · ‎07-03-2016

Hi all,

as i see Private Vlaning on cisco losk to be a big taboo.

As i found, we can make an isolated trunk as private-vlan trunk secondary only if we have connected to this port a cat4500 series or higher, that supports private vlan. I am wondering on this and i am very very confused that there is such a big incompatibility between series. There is a big big hole and we will have a big problem if you want to upgrade your core switch that you have used simple protected ports before.

It will be a better way to choose another vendor than Cisco, becouse only way as i found on cisco tool is to upgrade Sup7 to Sup8E! And that is just crazy.

Sup 8 supports Private-Vlan Edge that looks be the same as the simple function as Protected port on Much cheaper Cat2960 switches.

Br

Dave

sivadura · ‎03-30-2018

I am too facing the same problem in Nexus 7000.