Private VLANs - is this configuration right?

Aug 15th, 2008

Hi

I have a 4500 that has a VLAN (10) on it that none of the clients should talk to each other. I am going to configure this as an isolated VLAN. This VLAN is propagated to a 6500 that has the IP address of this VLAN. From what I have read, I need to create a primary VLAN (99) and then create the client VLAN (10) as an isolated VLAN within this (99).

Is this correct?

If anyone has a good doc on PVLANs please let me know! The docs on Cisco seem to be lacking.

Cheers

cdusio Fri, 08/15/2008 - 04:24

Here is an example. VLAN 83 is the promiscuous VLAN. I left in a port on VLAN 230 that has a host on it.

!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 83,100-101,210,230,248-250 priority 24576
!
vlan internal allocation policy ascending
!
vlan 83
 name DMZ_VLAN
 private-vlan primary
 private-vlan association 100-101,210,230,248
!
vlan 100
 name hinfwe-vlan
 private-vlan community
!
vlan 101
 name hinneo-vlan
 private-vlan community
!
vlan 210
 name IPASS
 private-vlan community
!
vlan 230
 name DNS-GSS
 private-vlan community
!
vlan 248
 name ADP-Internal
 private-vlan community
!
!
!
!
interface GigabitEthernet1/0/1
 description GSS-01 83.200
 switchport private-vlan host-association 83 230
 switchport mode private-vlan host
 no logging event link-status
 speed 100
 duplex full
 no snmp trap link-status
 spanning-tree portfast
 spanning-tree guard root
!
interface GigabitEthernet1/0/24
 description Firewall_Uplink
 switchport access vlan 83
 switchport private-vlan mapping 83 100-101,210,230,248-250
 switchport mode private-vlan promiscuous
 speed 1000
 duplex full
 spanning-tree portfast
 spanning-tree guard root

HTH

Chris
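An added example, not part of either post: a small Python check that cross-references the PVLAN lines of a saved config, confirming that every secondary VLAN named on a host or promiscuous port has a declared PVLAN type and is associated with its primary. The function names `expand` and `audit` are hypothetical, the sample is constructed (reduced from the configuration above, keeping its 248-250 mapping range), and the patterns cover only the command forms shown in this thread.

```python
import re

# Constructed sample, reduced from the configuration posted above.
SAMPLE = """\
vlan 83
 private-vlan primary
 private-vlan association 230,248
vlan 230
 private-vlan community
vlan 248
 private-vlan community
interface GigabitEthernet1/0/1
 switchport private-vlan host-association 83 230
interface GigabitEthernet1/0/24
 switchport private-vlan mapping 83 230,248-250
"""

def expand(spec):
    """Expand an IOS VLAN list such as '100-101,210' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return (interface, primary, secondary, problem) per inconsistency."""
    types, assoc, findings, ctx = {}, {}, [], None
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    for line in lines:  # pass 1: VLAN stanzas
        if m := re.fullmatch(r"vlan (\d+)", line):
            ctx = int(m[1])
        elif m := re.fullmatch(r"private-vlan (primary|community|isolated)", line):
            types[ctx] = m[1]
        elif m := re.fullmatch(r"private-vlan association ([\d,-]+)", line):
            assoc.setdefault(ctx, set()).update(expand(m[1]))
    for line in lines:  # pass 2: port-level references
        if line.startswith("interface "):
            ctx = line.split()[1]
        elif m := re.fullmatch(r"switchport private-vlan (?:host-association|mapping) (\d+) ([\d,-]+)", line):
            pri = int(m[1])
            if types.get(pri) != "primary":
                findings.append((ctx, pri, None, "not declared primary"))
            for sec in sorted(expand(m[2])):
                if types.get(sec) not in ("community", "isolated"):
                    findings.append((ctx, pri, sec, "no PVLAN type declared"))
                elif sec not in assoc.get(pri, set()):
                    findings.append((ctx, pri, sec, "not associated with primary"))
    return findings
```

Calling `audit(SAMPLE)` reports VLANs 249 and 250 on GigabitEthernet1/0/24, and a config for the layout in the question (primary 99, isolated 10) passes clean once the association line is present.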
