I found a similar post on that topic last year, but I prefer to restart a new post for this specific question:
I have a Cat 6500 (Sup-720 and IOS 12.2(33)SXH2a), on which I have several DMZ vlans configured. On a trunk port transporting all these DMZs, I have a Checkpoint firewall connected, that also supports 802.1Q of course. Now, each vlan is a primary vlan of a private vlan domain. Then, I configure private community vlans on which I connect systems that do not have to communicate together. They only have to communicate with the corresponding promiscuous port on the primary vlan.
The problem is that I can't configure the trunk port as promiscuous like in a Catalyst 4500 with the command:
Cat4500(config-if)# switchport mode private-vlan trunk promiscuous
This is a real problem because I cannot dedicate a port for each DMZ on the firewall.
Is there any IOS version that allows it? What would be the solution?