Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
745
Views
2
Helpful
5
Replies

Private vlan through trunk

Go to solution
aw75635
Level 1
Level 1

‎09-17-2023 02:36 AM

Hello,

I am trying, in my lab, to make computers running in a private vlan, reach the gateway. 

I am probably missing some config on the trunk port, I believe. 

The lab looks like this - see attached picture 

So, the PCs running behind sw01 and sw03 are not able to reach gateway, on router c1-l1-r1 / r2

Between switches, there PVLAN works as it should. 

What should be configured, on the switch or/and on the router, in order to make computers, running in PVLan reach the gateway?

Thank you!

Labels:
Preview file
146 KB
1 Accepted Solution

Accepted Solutions

Go to solution
KJK99
Level 3
Level 3

‎09-17-2023 05:38 AM

@aw75635 

Only the server connected to the promiscuous port should be able to reach those gateways. The PCs connected to the isolated and community ports should not. The PCs connected to the isolated ports should be able to interface only the server on the promiscuous port. The PCs connected to the community ports should be able to interface with each other and the server on the promiscuous port. That’s how private VLANs work. That’s how private VLANs work. To allow the PCs reach the gateways, you would need to connect them to promiscuous ports, but that would defeat the purpose of having a private VLAN.  

Kris K

View solution in original post

0 Helpful
5 Replies 5

Go to solution
M02@rt37
VIP
VIP

‎09-17-2023 02:46 AM

Hello @aw75635?,

Please provide Sw1 port Trunk configuration toward Routers.

Thanks.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
ammahend
VIP
VIP

‎09-17-2023 03:45 AM

follow this guide to verify your config 

-hope this helps-
0 Helpful

Go to solution
Gopinath_Pigili
Spotlight
Spotlight

‎09-17-2023 04:48 AM

Router side....normal configuration...assing ip address and no shutdown... commands...

Swtich side ports should be configured as promiscuous


Interface range e0/0-1
switch port mode private-vlan promiscuous
switchport private-vlan mapping xx 20,21

Note: xx is the primary vlan number

Thanks

Go to solution
KJK99
Level 3
Level 3

‎09-17-2023 05:38 AM

@aw75635 

Only the server connected to the promiscuous port should be able to reach those gateways. The PCs connected to the isolated and community ports should not. The PCs connected to the isolated ports should be able to interface only the server on the promiscuous port. The PCs connected to the community ports should be able to interface with each other and the server on the promiscuous port. That’s how private VLANs work. That’s how private VLANs work. To allow the PCs reach the gateways, you would need to connect them to promiscuous ports, but that would defeat the purpose of having a private VLAN.  

Kris K
0 Helpful

Go to solution
aw75635
Level 1
Level 1
In response to KJK99

‎09-18-2023 08:58 AM

Thank you KJK99! I thought that the devices running in PVLAN should be able to access the gateway. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card