Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3540
Views
0
Helpful
5
Replies

Private VLAN : Promiscous Trunk Port on the 6500 ?

yves.haemmerli
Level 1
Level 1

‎01-20-2010 05:47 AM - edited ‎03-06-2019 09:22 AM

Hello,

I found a similar post on that topic last year, but I prefer to restart a new post for this specific question:

I have a Cat 6500 (Sup-720 and IOS 12.2(33)SXH2a), on which I have several DMZ vlans configured. On a trunk port thansporting all these DMZs, I have a Checkpoint firewall connected, that also support 802.1Q of course. Now, each vlan is a primary vlan of a private vlan domain, Then, I configure private community vlans on which I connect systems that do not have to communicate together. They only have to communicate with the corresponding promiscous port on the primary vlan.

The problem is that I can't configure the trunk port as promiscous like in a Catalyst 4500 with the command :

Cat4500(config-if)# switchport mode private-vlan trunk promiscuous

This is a real problem because I cannot dedicate a port for each DMZ on the firewall..

Is there any IOS version that allows it ? What would be the solution ?

Thank you

Yves

Labels:
0 Helpful
5 Replies 5

krishnakumarr
Level 1
Level 1

‎01-20-2010 05:58 AM

HI

Check the latest IOS for your 4500 chasis and SUP engine

regards

krishna kumar

0 Helpful

krishnakumarr
Level 1
Level 1
In response to krishnakumarr

‎01-20-2010 06:06 AM

Hi

I have verified the Promicus vlan supprot 4500

latest  version entservices.122-53.SG1

regards

krishna

0 Helpful

yves.haemmerli
Level 1
Level 1
In response to krishnakumarr

‎01-20-2010 06:14 AM

Hi Krishna,

Thanks for your answer. However, my question was related to a Cat 6500. I know that the 4500 supports the function.

Yves

0 Helpful

p.woudstra
Level 1
Level 1

‎01-29-2010 08:08 AM

Hi,

As fas as I know this is not supported on the 6500 or the 7600, not with the SXF or the SR release

An alternatve is "Private hosts with PACLs" On cco: The Private Hosts feature provides Layer 2 (L2) isolation between the hosts in a VLAN. You can use Private Hosts as an alternative to the Private VLAN isolated-trunks feature, which is currently not available on the Cisco 7600 router.

The link is at: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/pacl.html

Regards, Patrick

0 Helpful

yves.haemmerli
Level 1
Level 1
In response to p.woudstra

‎02-01-2010 12:00 PM

Thank you Patrick for the update. I will investigate the Privaze Host solution.

best regards,

Yves

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card