Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

EtherChannel on private-vlan ports 3560G

I am trying to configure LACP EtherChannel on a Cat-3560G.

I connected several server to different Cat-3560G switches on isolated privat-vlan-port. I have one backup-system that I connect on promiscuous port on one single Cat-3560G. All devices are in the same L2 domain. So far this works like expected.

Now I am trying to configure LACP EtherChannel for the backup-system to increase throuput. I wanted to to like in the Cisco Document ID: 98469. Unfortunately EtherChannel configuration is not possible on private-vlan-port.

Any workaround for this problem?

Thank you

New Member

Re: EtherChannel on private-vlan ports 3560G

You need to configure the channel on a non-private-vlan. Thats the only work around I know. You can always restrict the access with an VLAN ACL.

New Member

Re: EtherChannel on private-vlan ports 3560G

Ok. I will use ACL instead of private VLAN. Unfortunately It's not as simple as privat VLAN and less secure (?)

New Member

Re: EtherChannel on private-vlan ports 3560G

Well, You can get almost as secure as you want it. You could use a VACL

Basically you break it down like this:

access-list TRAFFIC permit (traffic incoming and outgoing to the VLAN)

than create you vlan access-map

vlan access-map TEST 10

match address TRAFFIC

action forward

vlan access-map TEST 20

action drop

vlan filter-list TEST vlan 100 (number of you vlan)

In the first access-map that referances the access-list TRAFFIC you permit all your traffic here. This traffic can be inside the vlan itself too.

example - permit tcp host host - In the same subnet

So thi is a good way to secure traffic inside the vlan you apply to that port. You have full control over what allowed inside and outside with this VACL

Here a good read: