09-08-2008 09:39 AM - edited 03-06-2019 01:14 AM
I am having issues configuring PVLAN using just trunks.
Here's the scenario... two VLANs are being trunked from a 3560 to a 4503 (VLAN0030 and VLAN230). From the 4503 I have a port trunked on to an upstream 2811.
I created a primary VLAN (VLAN0003) and a secondary isolated VLAN (VLAN0030), did the associations and mappings per the Cisco docs. I cannot get to/from the secondary or primary VLANs from the router gateway.
Here's some output.
WRF4503-249#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4
Gi1/5, Gi1/6, Gi1/7, Gi1/8
Gi1/9, Gi1/10, Gi1/11, Gi1/14
Gi1/15, Gi1/16, Gi1/17, Gi1/18
Gi1/19, Gi1/20
3 PRIMARY
30 SECONDARY active
2
230 CLIENTS active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
WRF4503-249#show vlan priv
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
3 30 isolated Gi1/12, Gi1/13
WRF4503-249#
WRF4503-249#show int trunk
Port Mode Encapsulation Status Native vlan
Gi1/12 trunk-pvlan-pro n-802.1q trunking 3
Gi1/13 trunk-pvlan 802.1q trunking 30
Port Vlans allowed on trunk
Gi1/12 3,30,230
Gi1/13 3,30,230
Port Vlans allowed and active in management domain
Gi1/12 230
Gi1/13 3,30,230
Port Vlans in spanning tree forwarding state and not pruned
Gi1/12 230
Gi1/13 3,230
WRF4503-249#
interface GigabitEthernet1/12
description Trunk to ROUTER
switchport private-vlan trunk native vlan 3
switchport private-vlan trunk allowed vlan 3,30,230
switchport private-vlan association trunk 3 30
switchport mode private-vlan trunk promiscuous
switchport nonegotiate
no logging event link-status
no logging event trunk-status
no snmp ifindex persist
end
WRF4503-249#
WRF4503-249#show run int g1/13
Building configuration...
Current configuration : 476 bytes
!
interface GigabitEthernet1/13
description Trunk to 3560
switchport trunk encapsulation dot1q
switchport trunk native vlan 30
switchport trunk allowed vlan 3,30,230
switchport private-vlan trunk native vlan 30
switchport private-vlan trunk allowed vlan 230
switchport private-vlan association trunk 3 30
switchport mode private-vlan trunk
switchport nonegotiate
no logging event link-status
no logging event trunk-status
no snmp ifindex persist
end
WRF4503-249#
interface Vlan1
no ip address
!
interface Vlan3
ip address 172.12.3.249 255.255.255.0
private-vlan mapping 30
!
interface Vlan30
ip address 172.12.230.249 255.255.255.0
shutdown
!
interface Vlan230
description Clients
ip address 172.12.230.249 255.255.255.0
!
vlan 3
name PRIMARY
private-vlan primary
private-vlan association 30
!
vlan 30
name SECONDARY
private-vlan isolated
!
vlan 230
name CLIENTS
!
ROUTER INTERFACE
interface FastEthernet0/0
description Trunk CORE
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
snmp ifindex persist
no mop enabled
!
interface FastEthernet0/0.3
encapsulation dot1Q 3 native
ip address 172.12.3.254 255.255.255.0
no ip route-cache
no ip mroute-cache
!
interface FastEthernet0/0.230
encapsulation dot1Q 230
ip address 172.12.230.254 255.255.255.0
09-11-2008 06:31 AM
Hello Bill,
Just some general notes on your config..
1) When you use PVLAN trunk the device on the other end must support PVLAN tagging. Your 2811 is a regular IOS router and is not aware of PVLANs so I would not configure PVLAN trunking to that device.
2) Not exactly sure what you are trying to achieve with the config, as I see that your router and 4500 are configured to route traffic between VLAN 3 and 230.
Thanks
serg