Ok so there are hundreds of Private Vlan videos and documents and they all start and end the same way.

They all leave out the non-private vlan and uplink port communications.

Switch 4900m_B

     primary vlan 50

     Isolated vlan 51

     promiscuous port to upstream switch 4900m_A

vlan 100 all other servers

4900m_B-------4900m_A---------7600

I need to isolate my network infrastructure servers with private vlans. These servers do not need to communicate with each other -ever, BUT may need to communicate with other non-infrastructure servers attached on this same switch. Access between private vlans and regular vlans will be controlled by ACLs on the 7600 router. The other servers on this 4900m_B switch are configured in non-Private Vlans (I.E. regular vlans). Infrastructure servers needed to be implemented into the private vlans configuration are Netflow, NMS, ACS and Ciscoworks.

Private vlans 50 and 51 are configured on 4900m_B switch as-well-as regular vlan 100 that is not part of any private vlan configuration.

The link between 4900m_B and 4900M_A is not a trunk link nor is the link between 4900m_A and the 7600 router.

Switch  4900m_A is not configured with private vlans.

Both 4900m switches have the 7600 router as the default gateway (I know this is a strange setup but it's what I received)

Do you think this is going to work?

Can servers in vlan 100 on 4900m_B switch also send frames out the promiscuous port (just like the private vlan devices) so the 7600 router can route them back to vlan 50 to reach the Private Vlan infrastructure servers?

Thank you

Regards

Frank