Private VLAN Trunking

cjlinstcisco · ‎09-26-2013

Is it possible to configure a switchport to trunk "normal" VLANs along with just a secondary VLAN out of a Private VLAN (no primary)?

Something like this:

vlan 20

private-vlan primary

exit

vlan 501

private vlan isolated

exit

vlan 1000

! Normal VLAN

exit

! Isolated Port

int eth 1

switchport mode private-vlan host

switchport private-vlan host-association 20 501

! Promiscuous port

int eth 2

switchport mode private-vlan promiscuous

switchport private-vlan mapping 20 add 501

! Wireless Access Point with WLAN on VLAN 1000 and Access Ethernet Port on VLAN 501 with all traffic trunked/tagged to switchport eth 3

int eth 3

switchport mode trunk

switchport trunk allowed vlan add 501,1000

Will traffic from eth 2 (promiscuous) be sent tagged to VLAN 501 out eth 3?

Will traffic received tagged for VLAN 501 on eth 3 be treated as recieved from an isolated host and only sent out eth 2 and any other VLAN 501 trunk ports?

I'm thinking not because there's no mapping of VLAN 20 and 501 on eth 3. But I don't see any special configuration for private VLAN trunking so maybe it will work. ??

If there's another way to send tagged traffic to an isolated secondary VLAN along with tagged traffic for a regular VLAN I'd appreciate a pointer in the right direction.

Thanks much.

cjlinstcisco · ‎09-26-2013

Actually, I guess I would provide the mapping from 501 to 20 like this:

vlan 20

private-vlan primary

exit

vlan 501

private vlan isolated

exit

vlan 1000

! Normal VLAN

exit

vlan 20

private-vlan association 501

exit

cjlinstcisco · ‎10-03-2013

It looks to me like I need a switch that supports "Isolated PVLAN Trunk Ports" as described here:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/54sg/configuration/guide/pvlans.html#wp1130380

Does anyone know what switch lines other than the 4500 support this?