Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
662
Views
0
Helpful
2
Replies

Private VLAN Trunking

cjlinstcisco
Level 1
Level 1

‎09-26-2013 04:08 PM - edited ‎03-07-2019 03:42 PM

Is it possible to configure a switchport to trunk "normal" VLANs along with just a secondary VLAN out of a Private VLAN (no primary)?

Something like this:

vlan 20

private-vlan primary

exit

vlan 501

private vlan isolated

exit

vlan 1000

! Normal VLAN

exit

! Isolated Port

int eth 1

switchport mode private-vlan host

switchport private-vlan host-association 20 501

! Promiscuous port

int eth 2

switchport mode private-vlan promiscuous

switchport private-vlan mapping 20 add 501

! Wireless Access Point with WLAN on VLAN 1000 and Access Ethernet Port on VLAN 501 with all traffic trunked/tagged to switchport eth 3

int eth 3

switchport mode trunk

switchport trunk allowed vlan add 501,1000

Will traffic from eth 2 (promiscuous) be sent tagged to VLAN 501 out eth 3?

Will traffic received tagged for VLAN 501 on eth 3 be treated as recieved from an isolated host and only sent out eth 2 and any other VLAN 501 trunk ports?

I'm thinking not because there's no mapping of VLAN 20 and 501 on eth 3.  But I don't see any special configuration for private VLAN trunking so maybe it will work.  ??

If there's another way to send tagged traffic to an isolated secondary VLAN along with tagged traffic for a regular VLAN I'd appreciate a pointer in the right direction.

Thanks much.

Labels:
0 Helpful
2 Replies 2

cjlinstcisco
Level 1
Level 1

‎09-26-2013 04:32 PM

Actually, I guess I would provide the mapping from 501 to 20 like this:

vlan 20

private-vlan primary

exit

vlan 501

private vlan isolated

exit

vlan 1000

! Normal VLAN

exit

vlan 20

private-vlan association 501

exit

0 Helpful

cjlinstcisco
Level 1
Level 1
In response to cjlinstcisco

‎10-03-2013 10:28 AM

It looks to me like I need a switch that supports "Isolated PVLAN Trunk Ports" as described here:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/54sg/configuration/guide/pvlans.html#wp1130380

Does anyone know what switch lines other than the 4500 support this?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card