Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
135
Views
0
Helpful
3
Replies

pvlan community on trunk to server

DraganSkundric87318
Level 1
Level 1

‎10-28-2025 11:11 AM

I have pvlan trunk port facing router with some pvlans, primary and isolated vlans. I also have access (community) and trunks with isolated ports and this all works ok. Problem is that I need to have trunk port facing host that utilize normlal and community vlans and this is not working. TRunk port facing host is normal trunk port 

vlan 12

private-vlan community

!
vlan 10

private-vlan primary
private-vlan association 12

!

 

int host

switchport mode trunk

switchport allowed vlan 10,12 
!

int router
switchport mode private-vlan trunk promiscuous
switchport private-vlan trunk allowed vlan 10
switchport private-vlan mapping trunk 10 12

!

on host interface mac address is visible in vlan 10

so, two hosts in vlan 12 can ping each other but the cannot reach ruter vlan 10 interface. Is this config possible? It is nexus switch. How can I debug this? 

Labels:
0 Helpful
3 Replies 3

Enes Simnica
Spotlight
Spotlight

‎10-29-2025 01:06 AM

hello @DraganSkundric87318 and that is a good question! This setup won’t work as expected because a regular trunk port can’t participate in a private VLAN domain, PVLAN isolation rules don’t extend through normal trunks. Only PVLAN trunks and promiscuous ports understand the mapping between primary and secondary VLANs.

SOOO if u need a trunk toward a host (like a hypervisor) that uses both normal and PVLAN VLANs, the best option is to convert that port to a PVLAN trunk secondary and allow both VLAN 10 (primary) and 12 (community)..

use these G:

sh int private-vlan mapping
sh mac address-table vlan 10,12
sh system internal vlan info brief

and confirm that VLAN 12 is mapped properly to VLAN 10 on both sides......

check this G, is sick: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/layer2/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_7x_ch...

 

-Enes

more Cisco?!
more Gym?!



If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!
0 Helpful

DraganSkundric87318
Level 1
Level 1

‎10-29-2025 02:09 AM

DraganSkundric87318_0-1761728926828.png

 

 

hmm looks like it is not possible

0 Helpful

Enes Simnica
Spotlight
Spotlight
In response to DraganSkundric87318

‎10-29-2025 02:13 AM

Ahhh my G, good catch, u’re absolutely right. On Nexus, PVLAN trunk secondary interfaces can only carry isolated VLANs, not community VLANs. My bad!!!!!!!!!!!!!! I mixed it up with the Catalyst behavior where it’s more flexible. So yeah, that setup isn’t possible on Nexus. You’d need to separate the PVLAN and normal VLAN traffic into different trunks. Thanks for pointing that out!

Looks like I need more coffee hehe

 

-Enes

more Cisco?!
more Gym?!



If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!
0 Helpful
Customers Also Viewed These Support Documents