06-20-2007 09:17 PM - edited 03-05-2019 04:52 PM
Hi Sir,
I have one unit Catalyst 6513. I configured a PVLAN with VLAN 30 as primary VLAN and VLAN 31 as secondary isolated VLAN.
Ports connected to hosts are configured as follows:
!
interface GigabitEthernet3/1
 switchport
 switchport private-vlan host-association 30 31
 switchport mode private-vlan host
!
Hosts can't talk to one another but they can communicate with the SVI (interface Vlan30).
There's a requirement to extend some hosts to another non-Cisco switch which will trunk to this Cat6513. How should I configure the trunk port on the Cat6513 to preserve the same security model as when the hosts are directly connected to the switch?
E.g.
!
interface GigabitEthernet12/9
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 30
 switchport mode trunk
!
Allowed VLAN should be 30 or 31? Do I have to configure the command "switchport private-vlan host-association 30 31" on this trunk port?
On another note, do you know the difference between the following two commands:
(1) switchport private-vlan host-association 30 31
(2) switchport private-vlan association host 30 31
Please advise.
Thank you.
B.Rgds,
Lim TS
06-20-2007 09:36 PM
Hi Lim,
I know that the command "switchport private-vlan host-association" is used to define a PVLAN association for an isolated or community port.
Usage Guidelines
There is no run-time effect on the port unless it is in PVLAN-host mode. If the port is in PVLAN-host mode but neither of the VLANs exist, the command is allowed but the port is made inactive.
The secondary VLAN may be an isolated or community VLAN.
Examples
This example shows how to configure a port with a primary VLAN (VLAN 18) and secondary VLAN (VLAN 20):
Router(config-if)# switchport private-vlan host-association 18 20
Router(config-if)#
This example shows how to remove the PVLAN association from the port:
Router(config-if)# no switchport private-vlan host-association
Router(config-if)#
Have you configured "switchport private-vlan association host 30 31" on the 6513 switch?
Was it accepted?
Thanks,
Satish
06-21-2007 01:45 AM
Hi Satish,
When I typed the command "sw private-vlan association host 30 31" on the Cat6513, it turns out to be "switchport private-vlan host-association 30 31" in the running-config. So I presume these two commands are equivalent.
I'm more concerned about PVLAN across multiple switches via 802.1Q trunk. Found some technotes below:
Cisco recommends the use of standard trunk ports (regular trunks) if both switches that undergo trunking support PVLANs. I doubt if the non-Cisco switch that's gonna trunk to my Cat6513 supports PVLAN.
In that case, I may need to configure PVLAN trunk. However, it's not supported on the Catalyst 6513 [IOS version 12.2(18)SXF8 - IP SERVICES]
Cat6513(config-if)#sw mod private-vlan ?
  host         Set the mode to private-vlan host
  promiscuous  Set the mode to private-vlan promiscuous
Cat6513(config-if)#sw mod private-vlan
I'm out of ideas. Please help.
Thank you.
B.Rgds,
Lim TS
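
An added example, not part of the thread or of Cisco's documentation: a Python audit of running-config text for the two conditions discussed above, a host-association on a port that is not in PVLAN-host mode (no run-time effect) and a regular trunk that carries the PVLAN's VLAN IDs, where isolation then depends on the switch at the far end. The sample config (Gi3/2 is made up), the function names and the "all VLANs when no allowed list is set" default are assumptions.

```python
import re

# Constructed sample: Gi3/1 and Gi12/9 follow the thread; Gi3/2 is made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet3/1
 switchport
 switchport private-vlan host-association 30 31
 switchport mode private-vlan host
!
interface GigabitEthernet3/2
 switchport private-vlan host-association 30 31
!
interface GigabitEthernet12/9
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 30
 switchport mode trunk
"""
HOST_ASSOC = re.compile(r"switchport private-vlan host-association (\d+) (\d+)")
ALLOWED = re.compile(r"switchport trunk allowed vlan (?:add )?([\d,-]+)")

def parse_interfaces(config):
    """Map each interface name to the list of sub-commands in its stanza."""
    stanzas = re.findall(r"^interface (\S+)[ \t]*\n((?: .*\n?)*)", config, re.M)
    return {name: [c.strip() for c in body.splitlines()] for name, body in stanzas}

def expand_vlans(spec):
    """Expand an allowed-VLAN list such as '30,40-42' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return sorted (interface, finding) tuples for PVLAN-related issues."""
    interfaces, pvlan_ids, findings = parse_interfaces(config), set(), []
    for name, cmds in interfaces.items():
        for m in filter(None, map(HOST_ASSOC.fullmatch, cmds)):
            pvlan_ids.update(map(int, m.groups()))
            # The association has no run-time effect outside PVLAN-host mode.
            if "switchport mode private-vlan host" not in cmds:
                findings.append((name, "host-association without PVLAN-host mode"))
    for name, cmds in interfaces.items():
        if "switchport mode trunk" in cmds:
            specs = [m.group(1) for m in map(ALLOWED.fullmatch, cmds) if m]
            # Assumption: a trunk with no allowed-vlan line carries VLANs 1-4094.
            allowed = expand_vlans(",".join(specs) if specs else "1-4094")
            if carried := sorted(allowed & pvlan_ids):
                findings.append((name, f"trunk carries PVLAN VLANs {carried}"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` reports the trunk on GigabitEthernet12/9 and the inactive association on GigabitEthernet3/2, and nothing for GigabitEthernet3/1.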