
New Member

Private VLAN : Promiscuous Trunk Port on the 6500 ?

Hello,

I found a similar post on that topic last year, but I prefer to restart a new post for this specific question:

I have a Cat 6500 (Sup-720 and IOS 12.2(33)SXH2a), on which I have several DMZ VLANs configured. On a trunk port transporting all these DMZs, I have a Checkpoint firewall connected, that also supports 802.1Q of course. Now, each VLAN is a primary VLAN of a private VLAN domain. Then, I configure private community VLANs on which I connect systems that do not have to communicate together. They only have to communicate with the corresponding promiscuous port on the primary VLAN.

The problem is that I can't configure the trunk port as promiscuous like in a Catalyst 4500 with the command:

Cat4500(config-if)# switchport mode private-vlan trunk promiscuous

This is a real problem because I cannot dedicate a port for each DMZ on the firewall.

Is there any IOS version that allows it ? What would be the solution ?

Thank you

Yves
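For reference, the Catalyst 4500 promiscuous-trunk setup the question refers to, as an added example that is not part of the original post. VLAN IDs and interface names are assumptions; per the thread, the 6500 does not accept the `trunk promiscuous` mode.

```cisco
! Constructed example: VLAN IDs and interface names are assumptions.
! Private VLANs on this IOS generation require VTP transparent mode.
vtp mode transparent
!
! DMZ 1: primary VLAN 100 with community VLANs 101 and 102
vlan 101
 private-vlan community
vlan 102
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 101-102
!
! DMZ 2: primary VLAN 200 with community VLAN 201
vlan 201
 private-vlan community
vlan 200
 private-vlan primary
 private-vlan association 201
!
! Host port placed in community VLAN 101 of DMZ 1
interface GigabitEthernet2/1
 switchport private-vlan host-association 100 101
 switchport mode private-vlan host
!
! Single 802.1Q trunk to the firewall, promiscuous for both DMZs.
! Traffic from secondary VLANs leaves the trunk tagged with the primary VLAN ID,
! so the firewall only needs subinterfaces for VLANs 100 and 200.
interface GigabitEthernet1/1
 switchport private-vlan mapping trunk 100 101-102
 switchport private-vlan mapping trunk 200 201
 switchport mode private-vlan trunk promiscuous
```

`show vlan private-vlan` and `show interfaces GigabitEthernet1/1 switchport` confirm the associations and the trunk mappings.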

5 REPLIES
New Member

Re: Private VLAN : Promiscuous Trunk Port on the 6500 ?

Hi

Check the latest IOS for your 4500 chassis and SUP engine.

regards

krishna kumar

New Member

Re: Private VLAN : Promiscuous Trunk Port on the 6500 ?

Hi

I have verified the promiscuous VLAN support on the 4500.

Latest version: entservices.122-53.SG1

regards

krishna

New Member

Re: Private VLAN : Promiscuous Trunk Port on the 6500 ?

Hi Krishna,

Thanks for your answer. However, my question was related to a Cat 6500. I know that the 4500 supports the function.

Yves

New Member

Re: Private VLAN : Promiscuous Trunk Port on the 6500 ?

Hi,

As far as I know this is not supported on the 6500 or the 7600, not with the SXF or the SR release.

An alternative is "Private Hosts with PACLs". On CCO: The Private Hosts feature provides Layer 2 (L2) isolation between the hosts in a VLAN. You can use Private Hosts as an alternative to the Private VLAN isolated-trunks feature, which is currently not available on the Cisco 7600 router.

The link is at: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/pacl.html

Regards, Patrick

New Member

Re: Private VLAN : Promiscuous Trunk Port on the 6500 ?

Thank you Patrick for the update. I will investigate the Private Host solution.

Best regards,

Yves
