Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
43745
Views
65
Helpful
15
Replies

Private VLAN trunking question

Go to solution
Sanjay Ramaswamy
Level 1
Level 1

‎08-19-2010 08:33 AM - edited ‎03-06-2019 12:33 PM

I have a question on when to use private VLAN trunking.  I have read when trunking to a device that is not PVLAN aware, you should use PVLAN trunking.  If you are trunking between devices that are PVLAN aware the you should use regular trunking.

What it doesn't tell me is why.  Why do we need to use private VLAN trunking??  If the PVLANs are tagged using dot1Q then what is the purpose of using PVLAN trunking - it is not clear what is gained.

Thanks in advance...

Labels:
0 Helpful
15 Replies 15

Go to solution
Stephan P.
Level 1
Level 1

‎02-21-2023 12:38 PM

Hello,

is it possible to have the promiscous port from a private Vlan on another switch?

I have different community PvLan on Switch1 and ther same commuty PvLan on Switch2.  But only Switch 2 has an Uplink to Internet (Promiscous) over a Firewall.

Both Switches are Connected via Trunk to a CoreSwitch.
If it works, that a host in PvLan on  Switch1 gets the Internet-Link on Switch2, how the Trunk Connection and especiasly the Core Switch should be configured?

Switch1: transparent
vlan 100
private-vlan primary
private-vlan association 101-102
!
vlan 101
private-vlan community
!
vlan 102
private-vlan community

interface GigabitEthernet1/0/1
switchport private-vlan host-association 100 101
switchport mode private-vlan host

interface GigabitEthernet1/0/2
switchport private-vlan host-association 100 102
switchport mode private-vlan host

interface GigabitEthernet1/0/49
description Uplink-Core
switchport trunk encapsulation dot1q
switchport mode Trunk

Switch2: transparent
vlan 100
private-vlan primary
private-vlan association 101-102
!
vlan 101
private-vlan community
!
vlan 102
private-vlan community

interface GigabitEthernet1/0/1
switchport private-vlan host-association 100 101
switchport mode private-vlan host

interface GigabitEthernet1/0/2
switchport private-vlan host-association 100 102
switchport mode private-vlan host

interface GigabitEthernet1/0/3
description Uplink-Internet
switchport private-vlan mapping 100 101-102
switchport mode private-vlan promiscuous

interface GigabitEthernet1/0/49
description Uplink-Core
switchport trunk encapsulation dot1q
switchport mode Trunk

 

CoreSwitch: VTP Server
vlan 100

interface GigabitEthernet1/0/1
description Uplink-Switch1
switchport trunk encapsulation dot1q
switchport mode Trunk

interface GigabitEthernet1/0/2
description Uplink-Switch2
switchport trunk encapsulation dot1q
switchport mode Trunk

 

also doesn't work:
CoreSwitch: VTP transparent
vlan 100
private-vlan primary
private-vlan association 101-102
!
vlan 101
private-vlan community
!
vlan 102
private-vlan community

interface GigabitEthernet1/0/1
description Uplink-Switch1
switchport trunk encapsulation dot1q
switchport mode Trunk

interface GigabitEthernet1/0/2
description Uplink-Switch2
switchport trunk encapsulation dot1q
switchport mode Trunk

------------------------------------------------------------------------------------------------

On Switch2,  both PvLan Community Hosts get Internet Connection, on Switch1 there is no chance.
What is the Trick? Hopefully someone can help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card