02-09-2021 06:52 AM
Hello,
I have an SG350X and want to use private VLANs.
If I use a promiscuous port for the connection to the router, everything works. But I only have one uplink port at the router for different VLANs. Is it possible to have something like a promiscuous trunk port?
A normal trunk port does not work unfortunately.
Thanks in advance
02-09-2021 07:00 AM
I do not believe it works the way you are expecting. The best that can be done is what is documented and tested below.
02-09-2021 07:25 AM
If your goal is to just prevent Layer 2 communication between hosts, you could look at doing protected ports. All you would need to do is configure all your access ports as protected ports to prevent communication between them but do not configure your trunk as a protected port.
02-09-2021 07:31 AM
Hello Tyson,
Yes, my goal is to prevent Layer 2 communication between hosts, and protected ports do exactly what I need, with the exception that protected ports on other switches are accessible from hosts. Is there a way to prevent this?
02-09-2021 08:29 AM
Yes. Ensure that you are applying the protected port configuration on the correct ports. In the image below (I stole this from a Cisco Meraki post but it still applies here), you can see that the port going to the uplink switch never has the protected port configuration but the downlink port does. That's usually what people miss when deploying protected ports and seeing odd things such as hosts on one switch being able to communicate with hosts on another switch even though they should not be able to.
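An added example, not part of any post in this thread: a small Python check that applies the rule from the last reply (the uplink is never a protected port, every other port is) to a running-config. The config sample is constructed, the uplink name passed in is an assumption, and `switchport protected-port` is assumed to be the line the SG350X writes for a protected port.

```python
import re

# Constructed sample of an SG350X-style running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport protected-port
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/23
 description downlink-to-access-switch
 switchport mode trunk
 switchport protected-port
!
interface GigabitEthernet1/0/24
 description uplink-to-router
 switchport mode trunk
 switchport protected-port
!
"""

def parse_interfaces(config):
    """Return {interface name: [stripped config lines]} for each interface stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith((" ", "\t")) and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_protected_ports(config, uplinks):
    """Flag ports that break the rule: uplinks unprotected, all other ports protected."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if name.lower().startswith("vlan"):
            continue  # routed VLAN interfaces are not switch ports
        protected = "switchport protected-port" in lines  # exact match, so "no ..." is ignored
        if name in uplinks and protected:
            findings.append((name, "uplink must not be a protected port"))
        elif name not in uplinks and not protected:
            findings.append((name, "host/downlink port is missing protected-port"))
    return findings

if __name__ == "__main__":
    for port, issue in audit_protected_ports(SAMPLE_CONFIG, {"GigabitEthernet1/0/24"}):
        print(f"{port}: {issue}")
```

Run it against the saved configuration of each switch in the path, passing that switch's own uplink port names.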