Private vlan in trunk mode through one physical port

surenx_cisco · ‎05-14-2008

Dear Colleagues

Here's my problem.

I have one Router (Corecess S5) by which I am assigning different vlan 802.1q tags to different customers. Those tags are then coming to Cisco Catalyst 4503 which then has the corresponding vlan interfaces with their ip addresses.

What I want to do at the current moment is to be able to assign different vlan tags on the Corecess S5 Router and then connect them to each other on the Catalyst 4503. This is known as vlan translation or private-vlan on Cisco IOS.

I have tried many different configurations by making the private vlan trunk on the physical interface and mapping those vlan together but there was still no luck in this.

However I am even not sure whether it is possible to receive a vlan tag map it to the other and to send that other vlan tag through the same physical interface.

Catalyst 4503______Corecess S5

______.....................______

|............|--------------|............|

|______|...................|______|

Vlan100->.............<-Vlan 100

+

Vlan200->.............<-Vlan 200

So, this diagram shows how the Corecess S5 is connected to Catalyst 4503.

Once again, Corecess S5 sends two vlans: Vlan100 and Vlan200. Catalyst 4503 receives them and connects them two each other so they could be under the same broadcast domain and sends the vlan tags backwards to Corecess S5.

Now, is this possible to do on Catalyst 4503? If yes, could you please be so kind to show me some sample configuration on how to make this work.

Thanks in Advance

Regards Suren

amritpatek · ‎05-20-2008

PVLANs allow traffic to be segmented at the data-link layer (layer 2) of the OSI model, limiting the size of the broadcast domain.As we know, Ethernet VLANs are not allowed to communicate directly, they need L3 device to forward packets between broadcast domains. The same concept applies to PVLANs - since the subdomains are isolated at level 2, they need to communicate using an upper level (L3 and packet forwarding) entity - such as router. However, there is difference here. Regular VLANs usually correspond to a single IP subnet. When we split VLAN using PVLANs, hosts in different PVLANs still belong to the same IP subnet, but they need to use router (another L3 device) to talk to each other (for example, by means of local Proxy ARP). In turn, router may either permit or forbid communications between sub-VLANs using access-lists.

Follow the URL for the private VLAN configuration :

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swpvlan.html#wp1047919

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml

surenx_cisco · ‎05-20-2008

Hello

Thank you for your prompt reply. But that actually doesn't answer my question and as pvlan documentation is a little messy for me and I've already tried many different configurations, at the moment I simply want to know whether it is possible to do vlan tag translation in trunk mode through one physical port.

Thanks.

surenx_cisco · ‎05-20-2008

Hi

Actually I wasn't digging in a correct place. A simply needed to have a vlan translation and the command to do this is "switchport vlan mapping" but unfortunately I don't have this one on Catalyst 4503 by using this IOS cat4500-entservicesk9-mz.122-31.SGA1.bin does anyone know is vlan translation generally possible on Catalyst 4500? If yes what kind of IOS will I need?

Thanks in advance.