cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
433
Views
0
Helpful
2
Replies

Private Vlan Configuration Between Multiple Trunk Switches

Dear Experts
As I have started a topic earlier about STP between Cisco and Huawei then we got the result either we need to user MSTP or Isolate Areas

Idea is clear about Primary and Secondary vlans

Please advise If we have multiple Switches in Network from Switch 1 to Switch 20 and there are more Access layer switches connected with these 20 switches.
Please see below example and share your thoughts

Example Below

Server1= Vlan 10
Server2= Vlan 20
Switch1 is Aggregation Switch
Switch2 is Aggregation Switch
Switch3 is Aggregation Switch
Switch4 is Aggregation Switch
Switch5 is Access Switch connected with Switch3 and both switches connected with eachother on Gi0/1


Switch5 Config
I want to Create 4 Private Vlans 100 & 200 as Community and 300 and 400 as Isolated Vlans
Port gi0/1 Will be Promiscuous port 
Isolated Clients / Ports need access to both Servers as well as Community users as well to access Both Servers

Question:

*Do we Need to create vlans 100 200 300 and 400 in All aggregation switches and pass on trunk or only Primary Vlan need to carry Until Switch1 ?

*How we can Configure an Isolated Port (To access both Servers as both are in different vlans) Do we need to configure a port with 2 Primary vlans with 2 different Isolated vlans ?

Also one more question, In this Scenario we have other brand switches connected as well (Huawei), If only Primary Vlans need to be carried , will it work if carried on trunk ports .

Please advise
Thanks


1 Accepted Solution

Accepted Solutions

M02@rt37
VIP
VIP

Hello @Muhammad Kamran Shahzad,

In this scenario, you would need to create the PVLANs on all aggregation switches and pass them on trunk links to the access switch (Switch5). This is because the PVLANs need to be propagated to all switches in the network to provide the necessary isolation and community grouping.

To configure an isolated port on Switch5 that can access both Server1 and Server2, you would need to configure the port as a host port and assign it to the isolated VLANs (VLAN 300 and VLAN 400). You would also need to configure the primary VLANs (VLAN 10 and VLAN 20) on the port to allow access to the servers. This would allow the isolated clients to communicate with the servers while still being isolated from each other.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

2 Replies 2

M02@rt37
VIP
VIP

Hello @Muhammad Kamran Shahzad,

In this scenario, you would need to create the PVLANs on all aggregation switches and pass them on trunk links to the access switch (Switch5). This is because the PVLANs need to be propagated to all switches in the network to provide the necessary isolation and community grouping.

To configure an isolated port on Switch5 that can access both Server1 and Server2, you would need to configure the port as a host port and assign it to the isolated VLANs (VLAN 300 and VLAN 400). You would also need to configure the primary VLANs (VLAN 10 and VLAN 20) on the port to allow access to the servers. This would allow the isolated clients to communicate with the servers while still being isolated from each other.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

M02@rt37
VIP
VIP

@Muhammad Kamran Shahzad,

As for your question about carrying only primary VLANs on trunk ports between different switch brands, it should work as long as the trunking protocols used (such as IEEE 802.1Q) are compatible between the switches. However, it is always recommended to use the same brand of switches throughout the network to ensure optimal compatibility and functionality.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
Review Cisco Networking for a $25 gift card