PVLAN support question

I'm looking to implement Private VLANs in a network consisting of multiple 48-port 2960 switches that are connected to a 4500 series switch via fiber. After reviewing the info in the PVLAN switch support matrix, I see that the 4500 will support Isolated PVLANs and the 2960 will provide only PVLAN edge. According to the document, PVLAN edge has only local significance to the switch, in that the ports on a particular switch wouldn't be able to see one another, but would be able to see ports on other switches. If I put the ports on the 2960s into PVLANs, they should be isolated from each other... If I put each of the ports on the 4500 that the 2960s trunk into in their own VLANs, shouldn't that keep every port on every switch isolated from the others? I hope that made sense, I've just been staring at the notes on this and trying to think of a way to make this equipment work to keep everything isolated.


Re: PVLAN support question

An important point you may have to take care of is that the traffic cannot be forwarded between protected ports at Layer 2. All traffic passing between protected ports must be forwarded through a Layer 3 device. Moreover, two-way community VLANs in PVLANs are currently not supported on the Catalyst 4500 switches.

You can also refer to Configuring Isolated Private VLANs on Catalyst Switches.

Re: PVLAN support question

Actually, I think that's OK for what I need. I wouldn't actually need any of the protected ports to talk to each other; I would just need them all to reach the 4500 and then get passed out to the router from there. I'm not positive as to how your statement about 2-way community PVLANs would affect this setup.

