Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Howto configure isolated private vlan on a vlan trunk to a server?


I have a server which is connected to a Cat3750 via a vlan trunk with 3 vlans.

Two of them are normal vlans, the third should be the isolated vlan of a private vlan.

In this isolated vlan the server should only be able to talk to the promiscuous port which is connected to the default gateway.

I already read the "configuring private vlans" section of the configuration guide but I didn't found any hint for this scenario

What I found was the statement "An isolated port sends a broadcast only to the promiscuous ports or trunk ports". So am I right that the server will get broadcasts from other isolated ports when I use normal trunk configuration?

Does anybody know how to configure the switchport the server is connected to?

I use the following example config:


vlan 100
  private-vlan primary
  private-vlan association 200

vlan 200
  private-vlan isolated


vlan 501

name normalvlan1

vlan 502

name normalvlan2


interface GigabitEthernet1/0/1
descrition servertrunk

switchport mode trunk

switchport trunk allowed vlan 200,501,502

spanning-tree portfast

interface GigabitEthernet1/0/48
description defaultgateway
switchport private-vlan mapping 100 200
switchport mode private-vlan promiscuous
spanning-tree portfast

Best Regards,


New Member
New Member

Re: Howto configure isolated private vlan on a vlan trunk to a s

You are correct but in Cat4500 manual I just found a feature called "Isolated Private VLAN Trunk Ports" (

It seems to be the feature I'm looking for but I'm using Cat3750 which does not support isolated pvlan trunks.

You can use protected ports on Cat3750 but if using vlan trunks the whole trunk is configured isolated (

Does anybody else know a solution?


Re: Howto configure isolated private vlan on a vlan trunk to a s


PVLAN trunks are only supported on a limited number of platforms, but not C3750 due to hardware limitations.

A possible solution could be to use, if available on your server, a second NIC. one interface is a trunk carrying the normal vlans, the other is an access port in your PVLAN.