Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
486
Views
0
Helpful
3
Replies

private VLAN for two SP's issue--ple help me

sujitkr7cisco
Level 1
Level 1

‎02-16-2009 12:52 PM - edited ‎03-06-2019 04:04 AM

In 3750 stack switch , i creat a private vlan101 where gi1/0/22 and vlan102 with gi1/0/23 is community prots which are connected to two different Service provider repectively and valn100 with gi1/0/21 is primary promiscuous port.I also aggregate port(LACP) gi1/0/15 & gi1/0/16 and with same port with another switch (3750).In this switch also VLAN10,20,30,50and 60 and some ports are free. Port channel does not work with private vlan so i want to connect gi1/0/21 throgh firwall port directly,so that i can minimize the collisions and traffic pass through firewall for all valn (inbound,outbond) .

Is promiscuous port communicate with all vlan ports (10,20,30 etc)and rest port as well as private port ?

Please advice me how can i resolve this issue so that i can minimize the collisions without any ACL or VACL and how can i use these valn (100,101,102) completly seprate fron another valn.

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-17-2009 11:45 PM

Hello Sujet,

>> Is promiscuous port communicate with all vlan ports (10,20,30 etc)and rest port as well as private port ?

the promiscuos port is the L3 routed exit point for the private secondary vlans

in your case g1/0/21 the promiscuous port connects to an external device the firewall.

Has the firewall a path to vlans 10,20,30 ?

if you provide L3 services to primary vlans by configuring SVI interface vlan 100.

I think the best thing would be to have a second link to the firewall acting as the path for normal vlans 10,20,30,50,60.

if the firewall has a third interface I would do so to avoid possible problems in routing over the private vlan.

Hope to help

Giuseppe

0 Helpful

sujitkr7cisco
Level 1
Level 1
In response to Giuseppe Larosa

‎02-19-2009 03:54 AM

Dear Giuslar,

My all notes are in bold :-

1:-Is promiscuous port communicate with all vlan ports (10,20,30 etc)and rest port as well as private port

YES

2:- the promiscuos port is the L3 routed exit point for the private secondary vlans -- actually i want to connect the promiscuos port directly through firewall.

3:-in your case g1/0/21 the promiscuous port connects to an external device the firewall.

Has the firewall a path to vlans 10,20,30

--yes is connected throght ether channel port which is port number 5 and 6. which is aggregated with firewall ports (LACP).

an you provide example for L3 services to primary vlans by configuring SVI interface vlan 100.

I have free port on Firewall.

Thanks,

Sujeet

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to sujitkr7cisco

‎02-19-2009 06:24 AM

Hello Sujeet,

>> an you provide example for L3 services to primary vlans by configuring SVI interface vlan 100

see the following link

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swpvlan.html#wp1044399

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card