Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
351
Views
0
Helpful
3
Replies

private vlan questions

Go to solution
sarahr202
Level 5
Level 5

‎02-04-2009 09:54 AM - edited ‎03-06-2019 03:51 AM

Hi every body!

<br /> i have some questions about private vlan:

<br />

<br />1) Sw1 has secondary vlan 2 (community) and sw2 has secondary vlan 2( community), Can this vlan be trunked between two sw1 and sw2?

<br />

<br />2) This is what cisco book says about a port in pormiscous mode.

<br />"javascript:popUp('/content/images/chap4_9781587052460/elementLinks/ns080401b.gif')

<br />

<br />"The function of the promiscuous port is to move traffic between ports in community or isolated VLANs. It can use access lists to identify which traffic can pass between these VLANs"

<br />

<br />So promiscous port is in charge of moving traffic between ports in different vlans with in private vlan

<br />

<br /> But then i find the following in the same book:

<br />

<br />"Map secondary VLANs to the SVI (Switched Virtual Interface), which is the Layer 3 VLAN interface of a primary VLAN to allow Layer 3 switching of PVLAN ingress traffic.

<br />

<br /> * For example, permit routing of secondary VLAN ingress traffic from VLANs 201 to 202 and 301 to the private VLAN 101 SVI (Layer 3 interface). " ( here vlan 101 is primary vlan)

<br />

<br />

<br />I would really appreciate if someone helps me understand the above.

<br />

<br />thanks a lot and have a nice day!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mohamed Sobair
Level 7
Level 7

‎02-04-2009 10:09 AM

Hello Sarah,

OK, 1st In private Vlan config, port in Community cant access another port in different Vlan community.

Only ports part of the Primary vlans can access Isolated and Community vlan Ports.

With regard to ur last link posted, what Cisco means here if Routing configured, Map the primary Vlan at ingress to allow layer-3 access between Both ports.

HTH

Mohamed

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Mohamed Sobair
Level 7
Level 7

‎02-04-2009 10:09 AM

Hello Sarah,

OK, 1st In private Vlan config, port in Community cant access another port in different Vlan community.

Only ports part of the Primary vlans can access Isolated and Community vlan Ports.

With regard to ur last link posted, what Cisco means here if Routing configured, Map the primary Vlan at ingress to allow layer-3 access between Both ports.

HTH

Mohamed

0 Helpful

Go to solution
sarahr202
Level 5
Level 5
In response to Mohamed Sobair

‎02-04-2009 01:08 PM

Thanks for your reply Mohamed !

If you don't mind could you please help me with following question.

sw1(f0/1)---------- f0/2sw2------ internet.

Fo/1 and f0/2 on sw1 and sw2 are layer 3 interface.

sw1 has one vlan 2, we want to use " private vlan" to control the traffic within vlan 2. Which port should be considered as promiscous port?

thanks a lot!

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7

‎02-04-2009 01:22 PM

Hi Sarah,

The F0/1 should be the promiscous port.

HTH

Mohamed

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card