Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
208
Views
0
Helpful
3
Replies

private vlan question

mjsully
Level 1
Level 1

‎02-21-2006 12:28 PM - edited ‎03-03-2019 01:56 AM

I am replacing a standard set of switches out with ones that can support PVLAN's. All our switches currently have their ip address on vlan 1 and that is the subnet which the default gateway resides. The second switch acts as a redundant switch and will need the same vlans as the primary. Currently they are etherchanneled together. I want to setup a single private vlan with one isolated vlan and several community vlans. My question is where do I put the IP address? Do I still setup a vlan 1 interface as I have done all along? Or do I put the addrss on the primary private vlan? And I assume I will need to setup a trunk between the two switches, vs. etherchannel?

Labels:
0 Helpful
3 Replies 3

Roberto Salazar
Level 8
Level 8

‎02-21-2006 12:56 PM

Private VLANs provide Layer 2 isolation between ports within the same private VLAN. There are three types of private VLAN ports:

•Promiscuous—A promiscuous port can communicate with all interfaces, including the community and isolated ports within a private VLAN.

•Isolated—An isolated port has complete Layer 2 separation from other ports within the same private VLAN except for the promiscuous port. Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports.

•Community—Community ports communicate among themselves and with their promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other communities or isolated ports within their private VLAN.

PVLANS are also knows as secondary vlans, they are always associated to primary vlans so they can communicate to other devices outside their subnet through the default gateway. The management ip address or sc0 if it's CAtOS will always be in primary vlan or if native IOS and it's interface vlan it will always be the primary vlan. so, to answer your question, the management ip address will be in primary vlan.

–You cannot use the inband port, sc0, in a private VLAN.

Note: With software release 6.3(1) and later releases, you can configure the sc0 port as a private VLAN port; however, you cannot configure the sc0 port as a promiscuous port.

0 Helpful

mjsully
Level 1
Level 1
In response to Roberto Salazar

‎02-21-2006 01:41 PM

Thank you for that info. I do have one question, however. How do I configure the crossover connection between the two switches? As etherchannel, trunk link, are these ports part of the primary vlan?

0 Helpful

Roberto Salazar
Level 8
Level 8
In response to mjsully

‎02-21-2006 02:24 PM

with more that one link you can etherchanel and turnk tose etherchannel, all you have to make sure of is that all the vlans (pvlans and primary vlans) are in the trunk, you should not have to do anything as the vlans will all be included in the trunk. To verify:

show trunk x/y for catos

show int trunk for Native IOS.

Of course, with just a single link then no etherchannel is needed and you can trunk that single link.

0 Helpful
Customers Also Viewed These Support Documents