Trunk port configuration issue between PVLAN port and other port

AbeysV · ‎03-09-2018

Hello,

I am doing some testing for Private VLAN (PVLAN) configuration. My test setup is as below:

In this setup I have one Access switch and one Distribution switch, I have configured Interface Vlan on Distribution switch which is Default gateway for my PC and Laptop. But I am not able to reach to my Default Gateway. IP of PC is 192.168.1.25 & Laptop IP is 192.168.1.50. Switch configuration of Access switch and Distribution switch are as below:

---------------------------------------------------------------------

Distribution switch

interface Vlan300
ip address 192.168.1.11 255.255.255.0
no ip route-cache

interface FastEthernet0/11
description ## Access switch FA0/48 ##
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 300
switchport mode trunk
mls qos trust ip-precedence
udld port aggressive

Access switch

vlan 300
private-vlan primary
private-vlan association 301-302
!
vlan 301
private-vlan community
!
vlan 302
private-vlan isolated

interface FastEthernet0/30
switchport private-vlan host-association 300 302
switchport mode private-vlan host

interface FastEthernet0/33
switchport private-vlan host-association 300 301
switchport mode private-vlan host

interface FastEthernet0/48
description ## Distriburion switch ##
switchport trunk encapsulation dot1q
switchport private-vlan mapping 300 301-302
switchport mode private-vlan promiscuous
switchport nonegotiate
load-interval 60
no keepalive
priority-queue out
udld port aggressive
mls qos trust ip-precedence
no mdix auto

---------------------------------------------------------------------

On Distribution switch when I configure port (FastEthernet 0/11) connecting to Access switch as a Access VLAN then I'm able to reach default gateway but not with trunk configuration. I require switchport configuration as trunk because I have to pass multiple VLANs.

Please help.

acampbell · ‎03-09-2018

Hi,

try adding the following line to your Access Switch trunk port.

!
interface fastethernet 0/48
switchport mode private-vlan trunk

!

Regards, Alex. Please rate useful posts.

AbeysV · ‎03-12-2018

There is no option of switchport mode private-vlan ~~trunk~~

It's only showing switchport mode private-vlan host or promiscuous

acampbell · ‎03-12-2018

Hi,

If this is a switch model ME3xxxx you need to make the port NNI 1st to support trunking.

UNI type working is hosts only.

!
port-type nni
switchport mode private-vlan trunk
!

Regards, Alex. Please rate useful posts.

AbeysV · ‎03-12-2018

No switch is old, Catalyst 3560.

amikat · ‎03-12-2018

Hi,

You are trying to configure PVLAN promiscuous trunk port at the access switch but this feature is not supported with Catalyst 3560 (SE train).

Provided your distribution switch understands PVLANs you can try to modify your setting as follows:

Configure Fa 0/48 (access switch) as standard trunk port (the same way as Fa 0/11 of distribution with the "switchport trunk allowed vlan 300-302" modification - both sides).
Configure PVLANs at the distribution and under the "Interface Vlan 300" of the distribution configure "private-vlan mapping 301-302".

This way you MAY achieve what you wish.

Good Luck!

Best regards,

Antonin

AbeysV · ‎03-13-2018

Hi amikat,

Thanks!

I have configured below way and now I am able to reach from my PC to it's default Gateway which is my L3 box (distribution). Following are the changes I have done on Access switch:

interface FastEthernet0/48

description ## Distriburion switch ##

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 300

switchport private-vlan mapping 300 301-302

switchport mode trunk

switchport nonegotiate

load-interval 60

no keepalive

speed 100

duplex full

priority-queue out

udld port aggressive

mls qos trust ip-precedence

no mdix auto