08-28-2020 11:44 AM
I am trying to set up an Isolated Private VLAN and running into some issues mixing the enterprise & SMB environments. I have a few switch ports I want to configure to talk to the internet only and not allow the devices connected to these ports to talk to each other. I have created an Isolated VLAN 510, with a primary VLAN 500 to put these hosts in.
The switchports these devices plug into are on a Cisco SG350x switch in which I have configured 2 VLANs, 500 (Primary VLAN) & 510 (Secondary VLAN).
The ports I am connecting to my host devices are configured as Private VLAN – Host port:
interface GigabitEthernet4/0/46
loopback-detection enable
switchport mode private-vlan host
switchport access vlan 510
switchport private-vlan host-association 500 510
Now here is where I am confused: my SG350x switch stack is connected to a Cisco 3860 stack via fiber uplinks. I have these fiber uplinks configured in a LAG to connect the two switch stacks. This LAG is configured as a trunk that carries my various VLANs across (I do not have 510 in this trunk). My Cisco 3860 stack has an uplink to my firewall, which I am trying to get these two ports to communicate with for DHCP/Internet access.
Do I configure the same Private VLAN settings on the Cisco 3860 stack and tag my uplink port to my firewall as a Private VLAN promiscuous port?
My uplink port on the 3860 to my firewall is a trunk with a few VLANs; the others have nothing to do with my Private VLAN. Will that make a difference?
08-29-2020 02:02 AM - edited 08-29-2020 11:21 PM
Hello
How many switchports do you want to negate communicating with each other? If it is just a small amount, then a simple protected port should accomplish this and, when applied, will negate communication to other protected ports:
int xx
switchport protected
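As an added example (not from either poster), a small Python audit of a running-config that flags the two private-VLAN mistakes discussed above: a host port whose access VLAN is not the secondary VLAN of its host-association, and an uplink trunk that allows the primary VLAN but not its secondary, so the isolated VLAN cannot reach the promiscuous port on the far side. The config text is constructed for the example, and the trunk parser only handles comma-separated VLAN ids, not ranges.

```python
import re

# Constructed sample running-config (not the thread's own): one correct host
# port, one whose access VLAN disagrees with its association, and an uplink
# trunk that allows primary VLAN 500 but not isolated VLAN 510.
SAMPLE_CONFIG = """\
interface GigabitEthernet4/0/46
 switchport mode private-vlan host
 switchport access vlan 510
 switchport private-vlan host-association 500 510
interface GigabitEthernet4/0/47
 switchport mode private-vlan host
 switchport access vlan 500
 switchport private-vlan host-association 500 510
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,500
"""

def parse_interfaces(config):
    """Split a running-config into {interface name: [its indented lines]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit_pvlan(config):
    """Return (interface, problem) tuples for private-VLAN misconfigurations."""
    findings, pairs, trunks = [], set(), {}
    for name, lines in parse_interfaces(config).items():
        assoc = access = None
        for line in lines:
            if m := re.match(r"switchport private-vlan host-association (\d+) (\d+)", line):
                assoc = (int(m[1]), int(m[2]))          # (primary, secondary)
            elif m := re.match(r"switchport access vlan (\d+)", line):
                access = int(m[1])
            elif m := re.match(r"switchport trunk allowed vlan (?:add )?([\d,]+)", line):
                trunks[name] = {int(v) for v in m[1].split(",")}
        if assoc:
            pairs.add(assoc)
            if access is not None and access != assoc[1]:
                findings.append((name, f"access vlan {access} is not secondary vlan {assoc[1]}"))
    # A private VLAN only spans a trunk if both primary and secondary are allowed.
    for name, allowed in trunks.items():
        for primary, secondary in pairs:
            if primary in allowed and secondary not in allowed:
                findings.append((name, f"trunk allows primary {primary} but not secondary {secondary}"))
    return findings
```

Running `audit_pvlan(SAMPLE_CONFIG)` reports GigabitEthernet4/0/47 and Port-channel1 and stays silent on the correctly configured GigabitEthernet4/0/46.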