
private vlans across multiple switches

Computime SCC
Level 1

I am aware that private VLANs are not supported on edge switches like the 2960 series - so my question is: would it be possible to create private VLANs on, say, just the core switch, which would be a 3570 or 4506 that supports private VLANs, and then just trunk these to the edge like normal VLANs?

What I need to achieve is to have edge ports not able to communicate with each other even across switches - which cannot be done using 'protected' ports, so I need the private VLAN feature.

7 Replies

Sandeep Choudhary
VIP Alumni

Hi,

I hope these documents help to understand more:

http://blog.ine.com/2008/01/31/understanding-private-vlans/

http://blog.alwaysthenetwork.com/tutorials/private-vlan-tutorial/

Regards

Please rate if it helps.

Sandeep/anyone, can you please comment on the ability to configure 'port security' on 3750 private VLAN edge interfaces?

I have read versions of yes and no, so what is it???

Hi Ksherwood,

There is no difference in switchport security; it works the same as normal access port configuration.

Regards

Praveen

Praveen AR
Level 1

Hi

Private VLAN works only in switches with VTP transparent mode. You have to manually create private VLANs on both switches, and make both ports isolated.

Hello Praveen,

To be precise, Private VLANs are supported with VTPv3, and recent IOSes on 2960/3560/3750 support VTPv3. However, if running VTPv1 or VTPv2, you are correct that the switches must be put into Transparent mode (which is a best practice, anyway).

Best regards,

Peter
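
The setup described in the two replies above, written out as an added example that is not part of the original thread or any poster's configuration. It assumes both switches support private VLANs (for example two 3750s) and run VTP transparent mode; the VLAN IDs and interface names are constructed for illustration.

```cisco
! Constructed example: VLAN IDs 100/101 and all interface names are assumptions.
! Enter the same VTP and VLAN definitions on BOTH private-VLAN-capable switches.
vtp mode transparent
!
! Secondary (isolated) VLAN first, then the primary VLAN it is associated with
vlan 101
 private-vlan isolated
vlan 100
 private-vlan primary
 private-vlan association 101
!
! Edge port: isolated host port, cannot reach other isolated ports
interface FastEthernet1/0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Inter-switch link: ordinary 802.1Q trunk carrying primary and secondary VLANs,
! so isolation is preserved between hosts on different switches
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,101
!
! Uplink toward the default gateway (needed on one switch only):
! promiscuous port reachable by every isolated host
interface GigabitEthernet1/0/2
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Verify with:
!   show vlan private-vlan
!   show interfaces FastEthernet1/0/1 switchport
```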

It is due to the particular IOS I am running, (C3750-ADVIPSERVICESK9-M), Version 12.2(25)SEE.

Port security isn't implemented for private VLANs with this IOS:

SW1(config-if)#switchport port-security

Command rejected: FastEthernet1/0/1 is a pvlan host port

Later IOS, i.e. 12.2(53)SE, would work and allow VTP version 3.

Hi,

The 12.2(25)SEE is a very old IOS indeed (I guess from 2007 or so). I would recommend running 12.2(55)SE6. Avoid 12.2(58) and newer - they do not appear to be stable or tend to consume CPU/memory excessively.

Best regards,

Peter
