Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
776
Views
5
Helpful
3
Replies

PVLAN & VLAN same uplink interface

Hubsi-Smith
Level 1
Level 1

‎02-11-2023 06:12 AM

Hello,
I have configured my Cisco c1000 with some VLAN and one PVLAN. That works so far as expected but I am unsure if it is possible to use the same uplink interface?

# works for VLAN (uplink)
int gi1/0/1
switchport mode trunk
switchport trunk native vlan 100
switchport trunk allowed vlan 100-108
end

# works for PVLAN (uplink)
int gi1/0/1
switchport private-vlan mapping 302 402
switchport mode private-vlan promiscuous
end

How can both, VLAN and PVLAN on one interface???

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎02-11-2023 07:28 AM

Cat 9K is possible - never tested on cat 1K switches (check the version you using on the configuration guide)

below example for Cat 9K

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9600/software/release/17-4/configuration_guide/vlan/b_174_vlan_9600_cg/configuring_private_vlans.html#id_100563

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

paul driver
VIP
VIP

‎02-11-2023 09:03 AM - edited ‎02-11-2023 09:03 AM

Hello 
The promiscuous port ( in this case a trunk) should be applicable when implementing PVLANS, its a port that all hosts within either the secondary/isolated pvlans can gain access to, and they do this by being associated to a primary vlan, and if that primary vlan is then allowed to traverse a trunk then that should be okay as then the PVLAN hosts will be able to reach hosts residing across that trunk in another switch, which is also implementing PLVAN or not.



 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee

‎02-11-2023 04:27 PM

My friends,

Please allow me to join.

Let's first clarify the terminology:

  • A promiscuous PVLAN host port configured with switchport mode private-vlan promiscuous is an access port, not a trunk. It does not send or receive tagged traffic. The point of an PVLAN promisc host port is to connect to a device that should be accessible by any member of the associated secondary VLANs, community or isolated, but which is still treated as a host.
  • A promiscuous PVLAN trunk port configured with switchport mode private-vlan trunk promiscuous is a trunk port that performs rewrites on PVLAN tags - it rewrites every secondary PVLAN ID to its associated primary PVLAN ID. This special trunk type allows extending the PVLAN to a VLAN-aware device that doesn't support PVLANs but at least can be made accessible to all hosts in all associated secondary VLANs.

So clearly, we cannot have gi1/0/1 act both as a PVLAN host and a trunk port - it can't be an access port and a trunk at the same time.

How we should configure it depends on the capability of the upstream device connected to it:

  • If the upstream device is another switch supporting PVLANs, the port should be a normal trunk configured with switchport mode trunk - yes, a classic trunk port, nothing fancy.
  • If the upstream device supports VLANs but not PVLANs, it makes sense to use the promisc PVLAN trunk port with switchport mode private-vlan trunk promiscuous and configure the upstream device with the primary PVLAN ID.

Additional details and config examples can be found here: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9600/software/release/17-4/configuration_guide/vlan/b_174_vlan_9600_cg/configuring_private_vlans.html

Best regards,
Peter

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card