Private-vlan

olly ahmed · ‎06-30-2017

Hi,

Can anyone tell me what will happen if the scenario is like below:

- Primary vlan 10

- Private-vlan 30 (isolated)

I have 2 normal trunk interfaces (not in private-vlan trunk nor promiscuous mode) and in one there is a host on primary vlan 10 and in another there is a host on isolated private-vlan 30.

My question is, will the host of private-vlan 30 be able to communicate with the host on primary vlan 10 ?

Julio E. Moisa · ‎06-30-2017

Hi

If the host on vlan 10 is configured as promiscuous it will be able to talk with the host on vlan 30.

The isolated port cannot enable communication with other isolated ports on the same vlan, just with the promiscuous ports associated to the primary vlan.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

olly ahmed · ‎07-01-2017

Hi Mosia,

Thanks for your help. I found in my production that two interfaces are configured as normal trunk interface (not promiscuous) and primary & private-vlans are also allowed on the interfaces. I found a host with isolated vlan 30 on Ethernet105/1/11 can communicate with a host of primary vlan on interface port-channel100. Is this the normal communication behavior ? Below are the configuration for both the interfaces.

interface Ethernet105/1/11
switchport mode trunk
switchport trunk native vlan 111
switchport trunk allowed vlan 10-30,900-906,950-971,2000-3000
spanning-tree port type edge trunk

N5k# show running-config interface po100

version 5.2(1)N1(5)

interface port-channel100
switchport mode trunk
switchport trunk native vlan 111
switchport trunk allowed vlan 10-30,900-906,950-971,2000-3000
spanning-tree port type edge trunk
speed 10000