Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Private Vlan Tagging not happening

Hi, I'm trying to setup a server access switch with private vlans enabled to isolate the servers from each other. Here is my lab configuration:

Primary Vlan: 2

Secondary Vlan: 102

interface GigabitEthernet1/1

switchport private-vlan mapping 2 102

switchport mode private-vlan promiscuous

interface GigabitEthernet1/2

switchport private-vlan host-association 2 102

switchport mode private-vlan host

vlan 2

name Primary

private-vlan primary

private-vlan association 102

vlan 102

name Isolated

private-vlan isolated

interface Vlan2

ip address dhcp

private-vlan mapping 102


My switch is connecting to a Juniper ISG. With the configuration as shown, traffic is passed to the router and the router is responding with a vlan 1 dhcp address. This suggests to me that the tagging is not happening as I'd like it to.

Am I wrong in assuming that traffic coming from an interface configured like Gig1/2 would be tagged for vlan 102, and traffic coming from interface vlan 2 would be tagged with vlanid 2?

I guess my question is, how do I know what my frames will be tagged when configuring a switch for private-vlans? And, on a 4948, how do I configure trunking of private-vlans to opperate similar to a standard trunk port?

Thanks in advance!

New Member

Re: Private Vlan Tagging not happening