
Private-vlan promiscuous

Bthene
Level 1

What is the actual difference between a primary vlan on a mode trunk/access port and a promiscuous on a mode private-vlan port?


LanDownUnda
Spotlight

Good Question Bthene,

Correct me if I'm wrong but I believe you're referring to a "native vlan" when you say "primary vlan". Both of these share the same function which is to "pass traffic" either upstream or downstream but they are different technologies and have some different use cases. A promiscuous port is designed to pass traffic that's associated to a community or isolated port whilst a native vlan is designed for all traffic that hasn't been assigned a vlan to pass upstream or downstream.

I hope this helps!

*** Rate All Helpful Responses ***

Hi, no. Why I am asking is that I actually configured an access port with the primary vlan and it seems to be working just as a promiscuous at that moment.

Thanks for replying.

If you connect a host that is on an isolated port can you access it from the primary vlan?

Posting your configuration is a good idea as well so I can understand how it's been set up

Thanks!
*** Rate All Helpful Responses ***

Yes, traffic between isolated host port and primary vlan.

I can post configuration later.

Hi,

When you configure Private VLANs, you're sub-dividing the (primary/main) VLAN into sub-VLANs (secondary/private), in order to create some intra-VLAN and inter-VLAN traffic policies. So intra-VLAN communication is now controlled through the isolated and community sub-VLANs, while communication outside of the VLAN (inter-VLAN) is controlled by the promiscuous port. The promiscuous port is the ONLY port within this architecture which is actually a member of the primary VLAN.

So what you're seeing is correct, a promiscuous port behaving like a port attached to the primary VLAN (no private-vlan promiscuous port specific configuration). There is though a difference between the two, which is crucial: the reason they invented the "promiscuous port" instead of making use of the primary VLAN directly as the promiscuous port, is because with the promiscuous port you can control which secondary VLANs actually can speak with the promiscuous port, so which ones have access outside of the VLAN.

Regards,

Cristian Matei.
