Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1025
Views
0
Helpful
4
Replies

Private VLANs (Trunk Promiscuous)

abimadaro4462
Level 1
Level 1

‎08-31-2019 08:01 AM

Hello Guys, 

I'm trying to configure private VLANs in my lab using Nexus 9000 and GNS3. I have two primary VLANs associated with two secondary VLANs connected to a router that configured as a router on a stick. The Nexus is connected to the router via an interface configured as trunk promiscuous, the issue is this port is always "inactive"

Please any advice? 

below is the configuration 


vlan 10
private-vlan primary
private-vlan association 100

 

vlan 100
private-vlan isolated

 

interface Ethernet1/1
switchport mode private-vlan host
switchport private-vlan host-association 10 100

 

interface Ethernet1/2
switchport mode private-vlan host
switchport private-vlan host-association 10 100

i

nterface Ethernet1/3
switchport mode private-vlan trunk promiscuous
switchport private-vlan trunk allowed vlan 1-3967
switchport private-vlan mapping trunk 10 100

Labels:
0 Helpful
4 Replies 4

abimadaro4462
Level 1
Level 1

‎08-31-2019 10:37 PM

Any help for this!?
0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-01-2019 09:32 AM

Hello abimadaro4462,

the port connecting to the router should be an access port in primary Vlan 100.

the switchport mode private-vlan trunk promiscous is  a command to be used between two switches that have to share and use the same set of primary and secondary Vlans.

From the router's point of view private Vlans do not exist only one IP subnet associated to the primary  vlan.

 

Try again with a different configuration for the port to the router as suggested above.

 

Hope to help

Giuseppe

 

0 Helpful

abimadaro4462
Level 1
Level 1
In response to Giuseppe Larosa

‎09-03-2019 12:45 PM

Thanks for your reply, I have changed the configuration but still not working. Actually since i have more than one primary VLAN, the connected port to the router should be trunk. I have tried to configure it as normal trunk and also i tried the access one but no luck, the host still not able to ping the router.

Any advise please?

0 Helpful

Lass11
Level 1
Level 1
In response to abimadaro4462

‎12-02-2019 08:42 AM

Hi,

 

I was passing by searching for an answer about promiscuous ports, but your issue does not have any relationship with promiscuous port, you can keep the nexus interface connected to the router as it is, but you configure tags (on sub-interfaces) on the router so he can understand when he receives from the Nexus, without the dot1q command under a router's sub-interface the router will not get the tagged frames.

 

Regards

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card