Private VLAN for two SPs issue -- please help me

Feb 16th, 2009

In a 3750 stack switch, I created private VLAN 101 with gi1/0/22 and VLAN 102 with gi1/0/23 as community ports, which are connected to two different service providers respectively, and VLAN 100 with gi1/0/21 is the primary promiscuous port. I also aggregated ports (LACP) gi1/0/15 & gi1/0/16 with the same ports on another switch (3750). This switch also has VLANs 10, 20, 30, 50 and 60, and some ports are free. Port channel does not work with private VLANs, so I want to connect gi1/0/21 through a firewall port directly, so that I can minimize the collisions and have traffic pass through the firewall for all VLANs (inbound, outbound).

Does the promiscuous port communicate with all VLAN ports (10, 20, 30 etc.) and the rest of the ports as well as the private ports?

Please advise me how I can resolve this issue so that I can minimize the collisions without any ACL or VACL, and how I can use these VLANs (100, 101, 102) completely separate from the other VLANs.

Giuseppe Larosa Tue, 02/17/2009 - 23:45

Hello Sujet,

>> Does the promiscuous port communicate with all VLAN ports (10, 20, 30 etc.) and the rest of the ports as well as the private ports?

The promiscuous port is the L3 routed exit point for the private secondary VLANs.

In your case g1/0/21, the promiscuous port, connects to an external device, the firewall.

Does the firewall have a path to VLANs 10, 20, 30?

if you provide L3 services to primary vlans by configuring SVI interface vlan 100.

I think the best thing would be to have a second link to the firewall acting as the path for the normal VLANs 10, 20, 30, 50, 60.

If the firewall has a third interface I would do so to avoid possible problems in routing over the private VLAN.

Hope to help

Giuseppe

sujitkr7cisco Thu, 02/19/2009 - 03:54

Dear Giuslar,

All my notes are in bold:

1:- Does the promiscuous port communicate with all VLAN ports (10, 20, 30 etc.) and the rest of the ports as well as the private ports?

YES

2:- The promiscuous port is the L3 routed exit point for the private secondary VLANs -- actually I want to connect the promiscuous port directly through the firewall.

3:- In your case g1/0/21, the promiscuous port, connects to an external device, the firewall.

Does the firewall have a path to VLANs 10, 20, 30?

-- Yes, it is connected through an EtherChannel port, which is port number 5 and 6, which is aggregated with firewall ports (LACP).

Can you provide an example of L3 services to primary VLANs by configuring SVI interface vlan 100?

I have a free port on the firewall.

Thanks,

Sujeet
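
The layout discussed in this thread, written out as a Catalyst 3750 configuration. This is an added example, not a configuration posted by either participant: the VLAN and port numbers are the ones given in the question, while the SVI address (192.0.2.1/24) and the port descriptions are constructed placeholders.

```cisco
! Private VLANs on the 3750 need VTP transparent mode (VTP v1/v2).
vtp mode transparent
!
vlan 101
 private-vlan community
vlan 102
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Community host ports, one per service provider. Ports in different
! community VLANs cannot reach each other at L2, only the promiscuous port.
interface GigabitEthernet1/0/22
 description SP-1 (placeholder) - community VLAN 101
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
interface GigabitEthernet1/0/23
 description SP-2 (placeholder) - community VLAN 102
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! Option A (L2): promiscuous port cabled to the free firewall port.
! It is a member of VLAN 100/101/102 only, so it has no L2 reach
! into VLANs 10,20,30,50,60; the firewall is the only path between them.
interface GigabitEthernet1/0/21
 description To firewall (placeholder) - promiscuous
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! Option B (L3): SVI on the primary VLAN, as asked for in the thread.
! With "ip routing" on, the switch routes between VLAN 100 and any other
! SVI it has (VLAN 10, 20, ...) without passing the firewall, so use this
! only if that inter-VLAN path is intended.
ip routing
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
 private-vlan mapping 101,102
 no shutdown
!
! Verification:
!   show vlan private-vlan
!   show interfaces GigabitEthernet1/0/21 switchport
!   show interfaces private-vlan mapping
```

Option A keeps VLANs 100, 101 and 102 separate from the other VLANs without any ACL or VACL, because all traffic between them has to cross the firewall; Option B trades that separation for routing on the switch.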
