Howto configure isolated private vlan on a vlan trunk to a server?

Unanswered Question
Mar 10th, 2010

Hi,

I have a server which is connected to a Cat3750 via a vlan trunk with 3 vlans.

Two of them are normal vlans, the third should be the isolated vlan of a private vlan.

In this isolated vlan the server should only be able to talk to the promiscuous port which is connected to the default gateway.

I already read the "configuring private vlans" section of the configuration guide but I didn't found any hint for this scenario

What I found was the statement "An isolated port sends a broadcast only to the promiscuous ports or trunk ports". So am I right that the server will get broadcasts from other isolated ports when I use normal trunk configuration?

Does anybody know how to configure the switchport the server is connected to?

I use the following example config:

===

vlan 100
  private-vlan primary
  private-vlan association 200

vlan 200
  private-vlan isolated

!

vlan 501

name normalvlan1
!

vlan 502

name normalvlan2

!

interface GigabitEthernet1/0/1
descrition servertrunk

switchport mode trunk

switchport trunk allowed vlan 200,501,502

spanning-tree portfast

!
interface GigabitEthernet1/0/48
description defaultgateway
switchport private-vlan mapping 100 200
switchport mode private-vlan promiscuous
spanning-tree portfast
===

Best Regards,

Thorsten

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
thorsten.steffen Wed, 03/10/2010 - 05:14

You are correct but in Cat4500 manual I just found a feature called "Isolated Private VLAN Trunk Ports" (http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/53SG/configuration/pvlans.html#wp1181903).

It seems to be the feature I'm looking for but I'm using Cat3750 which does not support isolated pvlan trunks.

You can use protected ports on Cat3750 but if using vlan trunks the whole trunk is configured isolated (http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_50_se/configuration/guide/swtrafc.html#wp1029319)

Does anybody else know a solution?

dario.didio Wed, 03/10/2010 - 07:42

Hi,

PVLAN trunks are only supported on a limited number of platforms, but not C3750 due to hardware limitations.

A possible solution could be to use, if available on your server, a second NIC. one interface is a trunk carrying the normal vlans, the other is an access port in your PVLAN.

HTH,

Dario

Actions

This Discussion