PVLANs...again

bjw · ‎09-08-2008

I am having issues configuring PVLAN using just trunks.

Here's the secenario... two VLANs are being trunked from a 3560 to a 4503 (VLAN0030 and VLAN230). From the 4503 I have a port trunked on to an upstream 2811.

I created a primary Vlan (VLAN0003) and a secondary isolated Vlan (VLAN0030), did the associatied and mappings per the Cisco docs. I cannot get to/from the secondary or primary VLANs from the router gateway.

Here's some output.

WRF4503-249#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4

Gi1/5, Gi1/6, Gi1/7, Gi1/8

Gi1/9, Gi1/10, Gi1/11, Gi1/14

Gi1/15, Gi1/16, Gi1/17, Gi1/18

Gi1/19, Gi1/20

3 PRIMARY

30 SECONDARY active

2

230 CLIENTS active

1002 fddi-default act/unsup

1003 trcrf-default act/unsup

1004 fddinet-default act/unsup

1005 trbrf-default act/unsup

WRF4503-249#show vlan priv

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

3 30 isolated Gi1/12, Gi1/13

WRF4503-249#

WRF4503-249#show int trunk

Port Mode Encapsulation Status Native vlan

Gi1/12 trunk-pvlan-pro n-802.1q trunking 3

Gi1/13 trunk-pvlan 802.1q trunking 30

Port Vlans allowed on trunk

Gi1/12 3,30,230

Gi1/13 3,30,230

Port Vlans allowed and active in management domain

Gi1/12 230

Gi1/13 3,30,230

Port Vlans in spanning tree forwarding state and not pruned

Gi1/12 230

Gi1/13 3,230

WRF4503-249#

interface GigabitEthernet1/12

description Trunk to ROUTER

switchport private-vlan trunk native vlan 3

switchport private-vlan trunk allowed vlan 3,30,230

switchport private-vlan association trunk 3 30

switchport mode private-vlan trunk promiscuous

switchport nonegotiate

no logging event link-status

no logging event trunk-status

no snmp ifindex persist

end

WRF4503-249#

WRF4503-249#show run int g1/13

Building configuration...

Current configuration : 476 bytes

!

interface GigabitEthernet1/13

description Trunk to 3560

switchport trunk encapsulation dot1q

switchport trunk native vlan 30

switchport trunk allowed vlan 3,30,230

switchport private-vlan trunk native vlan 30

switchport private-vlan trunk allowed vlan 230

switchport private-vlan association trunk 3 30

switchport mode private-vlan trunk

switchport nonegotiate

no logging event link-status

no logging event trunk-status

no snmp ifindex persist

end

WRF4503-249#

interface Vlan1

no ip address

!

interface Vlan3

ip address 172.12.3.249 255.255.255.0

private-vlan mapping 30

!

interface Vlan30

ip address 172.12.230.249 255.255.255.0

shutdown

!

interface Vlan230

description Clients

ip address 172.12.230.249 255.255.255.0

!

vlan 3

name PRIMARY

private-vlan primary

private-vlan association 30

!

vlan 30

name SECONDARY

private-vlan isolated

!

vlan 230

name CLIENTS

!

ROUTER INTERFACE

interface FastEthernet0/0

description Trunk CORE

no ip address

no ip route-cache cef

no ip route-cache

no ip mroute-cache

duplex auto

speed auto

snmp ifindex persist

no mop enabled

!

interface FastEthernet0/0.3

encapsulation dot1Q 3 native

ip address 172.12.3.254 255.255.255.0

no ip route-cache

no ip mroute-cache

!

interface FastEthernet0/0.230

encapsulation dot1Q 230

ip address 172.12.230.254 255.255.255.0

t814687 · ‎09-11-2008

Hello Bill,

Just some general notes on your config..

1) When you use PVLAN trunk the device on the other end must support PVLAN tagging. Your 2811 is a regular IOS router and is not aware of PVLANs so I would not configure PVLAN trunking to that device.

2)Not exactly sure what you trying to acheive with the config as I see that your router and 4500 are configured to route traffic between vlan 3 and 230

Thanks

serg