few questions about private vlan

sarahr202 · ‎05-23-2010

Hi every body.

i have few questions about private vlan.

1) Can a private vlan have more than one promiscuous port?

2) consider the following scenario:

sw1---trunk-----sw2-------trunk-----sw3----trunk------------router

sw1 has vlan 1

sw2 has vlan2

sw3 has vlan3

We want to implement private vlan feature on vlan1

We implement that feature as;

vlan1 primary

vlan 4 secondary

vlan 5 isolated.

We want these vlans( vlan1,4,5) to communicate with each other at layer 3. But sw1 does not have any port connected to router , so we can not assign any port as promiscuous port. How can we acheive that goal i.e enabling communication at L3 among vlans 1,4, 5? please note that we want limited communication among these vlans 1,4,5 for that we already configured access lists on router.

3) consider the following scenario:

sw1------trunk------------sw2----trunk ----sw3--Dhcp server

Sw1 has vlan1

sw2 has vlan 2

sw3 has vlan 3

Dhcp server is in vlan3

we want hosts in vlan 1 be assigned ip address from the pool 1.0.0.0/8

we want hosts in vlan 2 be assigned ip addresses from the pool 2.0.0.0/8

we face following challenges.

1) dhcp server being in vlan3 can not hear any dhcp requests from hosts in vlan 1 and hosts in vlan2.

How can we overcome this issue?

2) Given that we overcame the above issue, we face yet another challenge . In order for dhcp server to assign ip address from the pool 1.0.0.0/8

Dhcp must be able to tell which dhcp requests come from vlan 1 hosts and which dhcp requets come from vlan2 hosts.

How can we overcome this challenge?

Thanks a lot and have a nice weekend.

Ganesh Hariharan · ‎05-23-2010

Hi every body.
i have few questions about private vlan.
1) Can a private vlan have more than one promiscuous port?
2)   consider the following scenario:
sw1---trunk-----sw2-------trunk-----sw3----trunk------------router
sw1 has vlan 1
sw2 has vlan2
sw3 has vlan3
 We want to implement private vlan feature on vlan1
We implement that feature as;
vlan1 primary
vlan 4 secondary
vlan 5 isolated.
We
want  these vlans( vlan1,4,5)  to communicate with each other at layer
3.  But  sw1 does not have any port connected to router  , so we can
not assign any port as promiscuous port.    How can we acheive  that
goal i.e enabling communication at L3  among vlans 1,4, 5?   please
note that   we want  limited communication among these   vlans 1,4,5  
for that  we already  configured access lists on router.
3)  consider the following scenario:
sw1------trunk------------sw2----trunk  ----sw3--Dhcp server
Sw1 has vlan1
sw2 has vlan 2
sw3 has vlan 3
Dhcp server is in  vlan3
we want hosts in vlan 1   be assigned ip address from the pool    1.0.0.0/8
we want hosts in vlan 2  be assigned ip addresses from the pool   2.0.0.0/8

 we face following challenges.
1)   dhcp server  being in vlan3  can not hear any dhcp requests from hosts in vlan 1 and hosts in vlan2.
How can we overcome this issue?
2) 
Given that  we overcame the above issue,  we face yet another
challenge  . In order  for dhcp server to assign  ip address from the
pool 1.0.0.0/8
Dhcp must be able to   tell which dhcp  requests come from vlan 1 hosts and which dhcp requets come from vlan2 hosts.
How can we overcome this challenge?

Hi Sarah,

What is the switch series in which vlans are confgured and need to have private vlan configuration because following is the switch support feature for private vlan configuration, check out the below link for more information

http://www.ciscosystems.ch/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml

and A promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.

Hope to Help !!

Ganesh.H