I have one unit Catalyst 6513. I configured a PVLAN with VLAN 30 as primary VLAN and VLAN 31 as secondary isolated VLAN.
Ports connected to hosts are configured as follows:
switchport private-vlan host-association 30 31
switchport mode private-vlan host
Hosts can't talk to one another but they can communicate with the SVI (interface Vlan30).
There's a requirement to extend some hosts to another non-Cisco switch which will trunk to this Cat6513. How should I configure the trunk port on the Cat6513 to preserve the same security model as when the hosts are directly connected to the switch?
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 30
switchport mode trunk
Allowed VLAN should be 30 or 31? Do I have to configure the command "switchport private-vlan host-association 30 31" on this trunk port?
On another note, do you know the difference between the following two commands:
(1) switchport private-vlan host-association 30 31
(2) switchport private-vlan association host 30 31