Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1654
Views
0
Helpful
3
Replies

Howto configure isolated private vlan on a vlan trunk to a server?

thorsten.steffen
Level 3
Level 3

‎03-10-2010 12:05 AM - edited ‎03-06-2019 10:04 AM

Hi,

I have a server which is connected to a Cat3750 via a vlan trunk with 3 vlans.

Two of them are normal vlans, the third should be the isolated vlan of a private vlan.

In this isolated vlan the server should only be able to talk to the promiscuous port which is connected to the default gateway.

I already read the "configuring private vlans" section of the configuration guide but I didn't found any hint for this scenario

What I found was the statement "An isolated port sends a broadcast only to the promiscuous ports or trunk ports". So am I right that the server will get broadcasts from other isolated ports when I use normal trunk configuration?

Does anybody know how to configure the switchport the server is connected to?

I use the following example config:

===

vlan 100
  private-vlan primary
  private-vlan association 200

vlan 200
  private-vlan isolated

!

vlan 501

name normalvlan1
!

vlan 502

name normalvlan2

!

interface GigabitEthernet1/0/1
descrition servertrunk

switchport mode trunk

switchport trunk allowed vlan 200,501,502

spanning-tree portfast

!
interface GigabitEthernet1/0/48
description defaultgateway
switchport private-vlan mapping 100 200
switchport mode private-vlan promiscuous
spanning-tree portfast
===

Best Regards,

Thorsten

Labels:
0 Helpful
3 Replies 3

thorsten.steffen
Level 3
Level 3
In response to hakan.topcu

‎03-10-2010 05:14 AM

You are correct but in Cat4500 manual I just found a feature called "Isolated Private VLAN Trunk Ports" (http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/53SG/configuration/pvlans.html#wp1181903).

It seems to be the feature I'm looking for but I'm using Cat3750 which does not support isolated pvlan trunks.

You can use protected ports on Cat3750 but if using vlan trunks the whole trunk is configured isolated (http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_50_se/configuration/guide/swtrafc.html#wp1029319)

Does anybody else know a solution?

0 Helpful

dario.didio
Level 4
Level 4
In response to thorsten.steffen

‎03-10-2010 07:42 AM

Hi,

PVLAN trunks are only supported on a limited number of platforms, but not C3750 due to hardware limitations.

A possible solution could be to use, if available on your server, a second NIC. one interface is a trunk carrying the normal vlans, the other is an access port in your PVLAN.

HTH,

Dario

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card