Private VLAN: Promiscuous Trunk Port on the 6500?

Jan 20th, 2010

Hello,


I found a similar post on that topic last year, but I prefer to start a new post for this specific question:


I have a Cat 6500 (Sup-720 and IOS 12.2(33)SXH2a), on which I have several DMZ VLANs configured. On a trunk port transporting all these DMZs, I have a Checkpoint firewall connected, which also supports 802.1Q of course. Now, each VLAN is a primary VLAN of a private VLAN domain. Then, I configure private community VLANs on which I connect systems that do not have to communicate together. They only have to communicate with the corresponding promiscuous port on the primary VLAN.


The problem is that I can't configure the trunk port as promiscuous like on a Catalyst 4500 with the command:


Cat4500(config-if)# switchport mode private-vlan trunk promiscuous


This is a real problem because I cannot dedicate a port for each DMZ on the firewall.


Is there any IOS version that allows it? What would be the solution?


Thank you


Yves

krishnakumarr Wed, 01/20/2010 - 05:58

Hi,


Check the latest IOS for your 4500 chassis and SUP engine.


regards

krishna kumar

krishnakumarr Wed, 01/20/2010 - 06:06

Hi


I have verified the promiscuous VLAN support on the 4500.


Latest version: entservices.122-53.SG1


regards

krishna

yves.haemmerli Wed, 01/20/2010 - 06:14

Hi Krishna,


Thanks for your answer. However, my question was related to a Cat 6500. I know that the 4500 supports the function.


Yves

p.woudstra Fri, 01/29/2010 - 08:08

Hi,


As far as I know this is not supported on the 6500 or the 7600, not with the SXF or the SR release.


An alternative is "Private hosts with PACLs". On CCO: The Private Hosts feature provides Layer 2 (L2) isolation between the hosts in a VLAN. You can use Private Hosts as an alternative to the Private VLAN isolated-trunks feature, which is currently not available on the Cisco 7600 router.


The link is at: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/pacl.html


Regards, Patrick

yves.haemmerli Mon, 02/01/2010 - 12:00

Thank you, Patrick, for the update. I will investigate the Private Host solution.


Best regards,


Yves
