we have upgraded our core switch from cat3560x to cat 4506e with SUP 7 and i am going to be crazy from private vlans. :(
Can anyone helps me with som default port config fou my 4 scenarios?
Before i have used simple protected port on acces and trunk ports also.
We have using several vlans but mostly they are 300,500 and 10 more....
On Cat 3560x theumlink port was trunk or acces but as no protected. The downlink ports was as protected to isolate customers from each other.
On cat4500e i need to configure uplink port for vlan 300, 500 (as simple acces ports) also as trunk, and downlink ports as isolated acces port vlan 500, another for vlan 300. And one more trunk isolated downlink port for 12 vlans :(
Can anyone helsp me with simple config step by step?
No need to get crazy. From my point of view your question is unclear. Before going ahead with the configuratikn, you must clarify the logic of your setup. Why do you need tp use private vlan? Which requirement's constraint is forcing you to use private vlan? I am assuming to isolate communucation between customers. If so, then start to list and draw the logic of the communication. How many vlan do you have? Which vlan has to communicate with which vlan? Where is locate the promiscuos port? What about the host ports? Make clear the logic and the role of the ports before going ahead with config.
My current config on 3560x looks like this
Gi 0/1 - trunk alloved vlan 50-130 (will be good if vlan 50 will be isolated and other no - on 3560x not possible becouse inly interface can be isolated)
Gi 0/2 - acces vlan 30
range Gi 0/10-24 - swi acc vlan 50 (protected port)
Gi 0/25 - trun all vlan 30,50 (protected)
Gi 0/26 - acc vlan 30 (protected)
Gi 0/27 - tru all vlan 50,60,70,80,90,100 (protected)
Look to be a bit messy with pvlan :(
Sorry David I am not going to produce any configuration here. Again, my was only a suggestion. Simply try to understand the logic before do a show runn interface. Based on the logic of your design you could for sure find a solution, propose one and based on your solution you can have a discussion with pther technicians.
I cant find a logic, becouse there in not realy a logic. Pvlan isolated trunk works only if you are connection cat4500 switches or higher thats supports pvlan. But there is no chanse to make an simple isolation like protected ports. Bit crazy, dont think?