I am trying to accomplish a private VLAN solution on a 3750 switch, but I am running into a bit of trouble. I am using the 3750 as a layer 2 switch only. I have a trunk connection from g1/0/1 to a VMware server that is passing me VLANs 800-809. I have mapped these 800-809 VLANs as private community VLANs to primary VLAN 10. I have another trunk on port g1/0/24 that carries only VLAN 10 to an ASA 5550 that is providing the routing for VLAN 10 and its associated private VLANs.
The idea is to have each VMware server in the private 800-809 VLAN community so that the VMware servers cannot communicate with each other unless they are added to the same private VLAN community.
The problem is that private VLANs are carried by the trunk links. I need the private 800 VLANs to be tagged as VLAN 10 when they arrive at the ASA.
This problem can be resolved by making the trunk link to the ASA a non-trunk link and configuring the interface as a promiscuous port, but the aim is to use multiple subinterfaces on the ASA as DMZs on the 3750s.
I tried to map the private VLANs to the VLAN 10 SVI as described in the documentation, but that must only work if the SVI is used for actually routing the traffic.
Any help is appreciated!