cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
350
Views
0
Helpful
4
Replies

PVLAN over Trunk Ports

vsurresh
Level 1
Level 1

IMG_0322.jpg
(Edited) Let’s assume I have two access switches and one distribution switch. The clients only connect to the access switches. The distribution switch connects to the firewall or router where the default gateway is located (router on a stick). I also have some other normal VLANs (100, 105, 110)

Suppose I have a primary VLAN 10 and an isolated VLAN 11 configured on both access switches.

My understanding is that I don’t need to create the PVLAN configs on the distribution switch, right? All I need to do is configure the following on the trunk between SW-01/SW02 and the distribution switch.

 

switchport trunk allowed vlan add 10, 100, 105, 110
switchport private-vlan mapping trunk 10 11
switchport mode private-vlan trunk promiscuous

 

Does this need to be configured on both sides of the trunk? (both access switch side and distribution switch side) This is where I'm confused.

On the other side, I can configure the same commands on the trunk between switch 2 and the firewall, right? (only on the switch 2 side, of course). Thanks in advance.

1 Accepted Solution

Accepted Solutions

Hello
Assuming all your host reside in a single flat address range and reside on both Sw01-02 which are access switches then you ONLY need Pvlan enabled on those switches, the trunk interconnects will be just L2 trunks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

4 Replies 4

Hello


@vsurresh wrote:

If the clients don’t connect directly to the distribution switch, my understanding is that I don’t need to create the PVLAN configs on switch 2, right? All I need to do is configure the following on the trunk between SW-01 and SW02.



Correct .. if you do not have Pvlan hosts on the dist switch then you do not need to create it on that sw


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thank you. Sorry, I modified the question slightly and added a diagram

Hello
Assuming all your host reside in a single flat address range and reside on both Sw01-02 which are access switches then you ONLY need Pvlan enabled on those switches, the trunk interconnects will be just L2 trunks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thank you

Review Cisco Networking for a $25 gift card