Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

private VLAN for two SP's issue--ple help me

In 3750 stack switch , i creat a private vlan101 where gi1/0/22 and vlan102 with gi1/0/23 is community prots which are connected to two different Service provider repectively and valn100 with gi1/0/21 is primary promiscuous port.I also aggregate port(LACP) gi1/0/15 & gi1/0/16 and with same port with another switch (3750).In this switch also VLAN10,20,30,50and 60 and some ports are free. Port channel does not work with private vlan so i want to connect gi1/0/21 throgh firwall port directly,so that i can minimize the collisions and traffic pass through firewall for all valn (inbound,outbond) .

Is promiscuous port communicate with all vlan ports (10,20,30 etc)and rest port as well as private port ?

Please advice me how can i resolve this issue so that i can minimize the collisions without any ACL or VACL and how can i use these valn (100,101,102) completly seprate fron another valn.

3 REPLIES
Hall of Fame Super Silver

Re: private VLAN for two SP's issue--ple help me

Hello Sujet,

>> Is promiscuous port communicate with all vlan ports (10,20,30 etc)and rest port as well as private port ?

the promiscuos port is the L3 routed exit point for the private secondary vlans

in your case g1/0/21 the promiscuous port connects to an external device the firewall.

Has the firewall a path to vlans 10,20,30 ?

if you provide L3 services to primary vlans by configuring SVI interface vlan 100.

I think the best thing would be to have a second link to the firewall acting as the path for normal vlans 10,20,30,50,60.

if the firewall has a third interface I would do so to avoid possible problems in routing over the private vlan.

Hope to help

Giuseppe

New Member

Re: private VLAN for two SP's issue--ple help me

Dear Giuslar,

My all notes are in bold :-

1:-Is promiscuous port communicate with all vlan ports (10,20,30 etc)and rest port as well as private port

YES

2:- the promiscuos port is the L3 routed exit point for the private secondary vlans -- actually i want to connect the promiscuos port directly through firewall.

3:-in your case g1/0/21 the promiscuous port connects to an external device the firewall.

Has the firewall a path to vlans 10,20,30

--yes is connected throght ether channel port which is port number 5 and 6. which is aggregated with firewall ports (LACP).

an you provide example for L3 services to primary vlans by configuring SVI interface vlan 100.

I have free port on Firewall.

Thanks,

Sujeet

Hall of Fame Super Silver

Re: private VLAN for two SP's issue--ple help me

Hello Sujeet,

>> an you provide example for L3 services to primary vlans by configuring SVI interface vlan 100

see the following link

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swpvlan.html#wp1044399

Hope to help

Giuseppe

125
Views
0
Helpful
3
Replies