Solved: Re: Private VLAN trunking question - Page 2

Sanjay Ramaswamy · ‎08-19-2010

I have a question on when to use private VLAN trunking. I have read when trunking to a device that is not PVLAN aware, you should use PVLAN trunking. If you are trunking between devices that are PVLAN aware the you should use regular trunking.

What it doesn't tell me is why. Why do we need to use private VLAN trunking?? If the PVLANs are tagged using dot1Q then what is the purpose of using PVLAN trunking - it is not clear what is gained.

Thanks in advance...

Stephan P. · ‎02-21-2023

Hello,

is it possible to have the promiscous port from a private Vlan on another switch?

I have different community PvLan on Switch1 and ther same commuty PvLan on Switch2. But only Switch 2 has an Uplink to Internet (Promiscous) over a Firewall.

Both Switches are Connected via Trunk to a CoreSwitch.
If it works, that a host in PvLan on Switch1 gets the Internet-Link on Switch2, how the Trunk Connection and especiasly the Core Switch should be configured?

Switch1: transparent
vlan 100
private-vlan primary
private-vlan association 101-102
!
vlan 101
private-vlan community
!
vlan 102
private-vlan community

interface GigabitEthernet1/0/1
switchport private-vlan host-association 100 101
switchport mode private-vlan host

interface GigabitEthernet1/0/2
switchport private-vlan host-association 100 102
switchport mode private-vlan host

interface GigabitEthernet1/0/49
description Uplink-Core
switchport trunk encapsulation dot1q
switchport mode Trunk

Switch2: transparent
vlan 100
private-vlan primary
private-vlan association 101-102
!
vlan 101
private-vlan community
!
vlan 102
private-vlan community

interface GigabitEthernet1/0/1
switchport private-vlan host-association 100 101
switchport mode private-vlan host

interface GigabitEthernet1/0/2
switchport private-vlan host-association 100 102
switchport mode private-vlan host

interface GigabitEthernet1/0/3
description Uplink-Internet
switchport private-vlan mapping 100 101-102
switchport mode private-vlan promiscuous

interface GigabitEthernet1/0/49
description Uplink-Core
switchport trunk encapsulation dot1q
switchport mode Trunk

CoreSwitch: VTP Server
vlan 100

interface GigabitEthernet1/0/1
description Uplink-Switch1
switchport trunk encapsulation dot1q
switchport mode Trunk

interface GigabitEthernet1/0/2
description Uplink-Switch2
switchport trunk encapsulation dot1q
switchport mode Trunk

also doesn't work:
CoreSwitch: VTP transparent
vlan 100
private-vlan primary
private-vlan association 101-102
!
vlan 101
private-vlan community
!
vlan 102
private-vlan community

interface GigabitEthernet1/0/1
description Uplink-Switch1
switchport trunk encapsulation dot1q
switchport mode Trunk

interface GigabitEthernet1/0/2
description Uplink-Switch2
switchport trunk encapsulation dot1q
switchport mode Trunk

------------------------------------------------------------------------------------------------

On Switch2, both PvLan Community Hosts get Internet Connection, on Switch1 there is no chance.
What is the Trick? Hopefully someone can help.