I have a switch with community vlans, isolated vlans and a primary vlan. The primary vlan is connected to the default gateway, which is a firewall. I need the firewall to use dot1q trunking, so I need to change the uplink switch port to be a trunk. However, as the switch is a Cat 3750, it appears that I can't still have the port in a primary vlan. Can I have a trunk and a primary vlan? If not, and I just configure a trunk, will the switchport act as a primary port?
3750 doesn't support trunking on its PVLAN Promiscuous port. You need to move up in switch platform to gain that feature, 4500 or 6500 series.
If you try and set it up as a trunk you will get unexpected results. Your flows will not be routed correctly at L2. Assuming that the FW running the trunk is going to have a virtual interface per vlan. This is how the PIX does it. Your flows would leave one interface and return in another. A firewall would not like this.
Do you know whether the 3560 supports trunking on promiscuous ports? I have a situation where I have servers on isolated p.vlan 2000 on a distribution layer switch. I don't want to do any p.vlan configuration on the Core. So can communication happen between the Core and servers on isolated vlan 2000 if the only vlan that goes through the trunk link is primary vlan 2001? Or do I have to put the isolated vlan also in the allowed vlans on the trunk? And also every community vlan that I have?
So what I am asking is: do the devices that don't have p.vlan on see all the community vlans etc., or do they only see the primary VLAN?