Hi,

I have a Nexus 5000 Switch sat between 2 Routers on which I'm trying to configure Private Vlans. Vlan 1111 is configured as the Primary Vlan configured on the Upstream Port (Eth1/21) to Router A, Router A is configured with an IP address of 10.1.1.1/24

I'm then trying to configure a downstream port (Eth1/23) to act as the downstream trunk port to Router B, which is where I'm encountering issues. I have tried multiple configurations for a Private Vlan trunk, but I feel I coming across limitations in the way the 5000s run Private Vlans - The error below suggests that Community Vlans cannot be mapped to a Trunk Port.

5KSwitch(config-if)# switchport private-vlan association trunk 1111 1112
ERROR: Ethernet1/23 : Community vlan cannot be mapped on a secondary trunk port

Given that the above error seems to suggest that only isolated vlans can be mapped on a trunk port, I have tested using an isolated Vlan mapped to the Primary Vlan and whilst I'm able to trunk the isolated Vlan down the downstream trunk, I'm only able to create a single isolated per Primary Vlan which seems quite limited configuration wise, as given it being a trunk port, I'd like to send multiple Vlans down the link.

5KSwitch(config-vlan)# ex
ERROR: Primary vlan 1111 cannot be associated with more than 1 isolated vlan.
ERROR : cli_process_vlan_config_exit(295), command private-vlan association 1112-1114 FAILED
Cannot run commands in the mode at this moment. Please try again.
5KSwitch(config)#

Switch Version is 7.2(0)N1(1)

Has anyone encountered similar issues - Were you able to implement a workaround?

Thanks