I have a layer 3 switch (3560G) with private VLAN 10 (10.10.1.1) as primary, with VLANs 100-161 as community VLANs, all mapped and associated. All ports on this switch route/forward perfectly. It is the layer 2 switches (2960) connected downstream where I have the problem. On those switches, you cannot create primary/secondary VLANs. So how do I get a port in VLAN 100 on the 2960 to communicate with a port in VLAN 100 on the 3650? The switches are connected by dot1q trunk ports due to the number of VLANs/switches. I cannot use an access port for every switch/VLAN. My understanding is that the layer 3 switch expects communication for the secondary VLANs to come through the primary, but the layer 2 switches are presenting it with tagged ports via the trunks.
Essentially I'm trying to replace a layer 3 Extreme 48si with this layer 3 Cisco. The Extreme has no problem receiving layer 2 packets for subVLANs.
Do I have a design issue? It's a multiple-tenant facility, so I have a similar model to a service provider, but it's a non-profit, so I have to work with what I got... The Extremes are 9 years old. What a tank. But I have new donated Ciscos...