
Private VLAN Across Multiple Switches

limtohsoon
Level 1

Hi Sir,

I have one unit Catalyst 6513. I configured a PVLAN with VLAN 30 as primary VLAN and VLAN 31 as secondary isolated VLAN.

Ports connected to hosts are configured as follows:

!
interface GigabitEthernet3/1
 switchport
 switchport private-vlan host-association 30 31
 switchport mode private-vlan host
!

Hosts can't talk to one another but they can communicate with the SVI (interface Vlan30).

There's a requirement to extend some hosts to another non-Cisco switch which will trunk to this Cat6513. How should I configure the trunk port on the Cat6513 to preserve the same security model as when the hosts are directly connected to the switch?

E.g.

!
interface GigabitEthernet12/9
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 30
 switchport mode trunk
!

Allowed VLAN should be 30 or 31? Do I have to configure the command "switchport private-vlan host-association 30 31" on this trunk port?

On another note, do you know the difference between the following two commands:

(1) switchport private-vlan host-association 30 31

(2) switchport private-vlan association host 30 31

Please advise.

Thank you.

B.Rgds,

Lim TS

2 Replies

smothuku
Level 7

Hi Lim,

I know that the command "switchport private-vlan host-association" is used to define a PVLAN association for an isolated or community port.

Usage Guidelines

There is no run-time effect on the port unless it is in PVLAN-host mode. If the port is in PVLAN-host mode but neither of the VLANs exist, the command is allowed but the port is made inactive.

The secondary VLAN may be an isolated or community VLAN.

Examples

This example shows how to configure a port with a primary VLAN (VLAN 18) and secondary VLAN (VLAN 20):

Router(config-if)# switchport private-vlan host-association 18 20
Router(config-if)#

This example shows how to remove the PVLAN association from the port:

Router(config-if)# no switchport private-vlan host-association
Router(config-if)#

Have you configured "switchport private-vlan association host 30 31" on the 6513 switch? Was it accepted?

Thanks,

Satish

Hi Satish,

When I typed the command "sw private-vlan association host 30 31" on the Cat6513, it turns out to be "switchport private-vlan host-association 30 31" in the running-config. So I presume these two commands are equivalent.

I'm more concerned about PVLAN across multiple switches via 802.1Q trunk. Found some technotes below:

http://www.cisco.com/en/US/partner/tech/tk389/tk689/technologies_configuration_example09186a008017acad.shtml#multiple_switch

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/pvlans.html#wp1167271

Cisco recommends the use of standard trunk ports (regular trunks) if both switches that undergo trunking support PVLANs. I doubt if the non-Cisco switch that's gonna trunk to my Cat6513 supports PVLAN.

In that case, I may need to configure PVLAN trunk. However, it's not supported on the Catalyst 6513 [IOS version 12.2(18)SXF8 - IP SERVICES]

Cat6513(config-if)#sw mod private-vlan ?
  host         Set the mode to private-vlan host
  promiscuous  Set the mode to private-vlan promiscuous

Cat6513(config-if)#sw mod private-vlan

I'm out of ideas. Please help.

Thank you.

B.Rgds,

Lim TS
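
An added example, not part of any post in this thread and not Cisco tooling: a Python check that reads IOS-style interface stanzas, collects the primary/secondary pair from active PVLAN host ports, and reports which of those VLANs an explicit trunk allowed list leaves out. It assumes that a regular 802.1Q trunk has to carry both the primary and the secondary VLAN for the PVLAN to reach a PVLAN-capable neighbour; the function names are hypothetical, and the check says nothing about whether the neighbouring switch enforces isolation.

```python
import re

# Constructed sample, reduced from the two interface stanzas quoted in the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet3/1
 switchport private-vlan host-association 30 31
 switchport mode private-vlan host
!
interface GigabitEthernet12/9
 switchport trunk allowed vlan 30
 switchport mode trunk
"""

def expand_vlans(spec):
    """Expand a plain IOS VLAN list such as '10,30-32' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.strip() == "!":
            current = None
        elif current is not None and line.strip():
            current.append(line.strip())
    return interfaces

def audit_trunks(config):
    """Return {trunk: PVLAN VLAN IDs missing from its explicit allowed list}."""
    interfaces = parse_interfaces(config)
    pvlan = set()
    for cmds in interfaces.values():
        m = re.search(r"^switchport private-vlan host-association (\d+) (\d+)$",
                      "\n".join(cmds), re.M)
        # The association has no effect unless the port is in PVLAN-host mode.
        if m and "switchport mode private-vlan host" in cmds:
            pvlan.update(map(int, m.groups()))
    findings = {}
    for name, cmds in interfaces.items():
        m = re.search(r"^switchport trunk allowed vlan ([\d,-]+)$", "\n".join(cmds), re.M)
        # add/all/none/except keywords are not handled; such trunks are skipped.
        if m and "switchport mode trunk" in cmds:
            findings[name] = sorted(pvlan - expand_vlans(m.group(1)))
    return findings
```

An empty list for a trunk means every PVLAN VLAN found on the host ports is in that trunk's allowed list.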
