Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

configuring pvlan on a hybrid switch and fwsm 3.1

I need to configure pvlans behind fwsm on a hybrid 6500. My primary vlan is 601 and secondary vlan is 691. my fwsm is on module 2. When i do a 'set pvlan mapping 601 691 2/1-6", i received an error: "Trunking port cannot be made a Promiscuous port.Failed to set mapping between 601 and 691 on 2/1-6". In this case, how can do a mapping to promiscuous port? Or do i even need to specify a promiscuous port? Pls advise, thanks.

3 REPLIES
New Member

Re: configuring pvlan on a hybrid switch and fwsm 3.1

The configuration guide for software version 3.1. refers to the use of private VLANs on page 2-3 "VLAN guidelines". When you make your primary VLAN a firewall-VLAN, then "the FWSM automatically handles secondary VLAN traffic"

New Member

Re: configuring pvlan on a hybrid switch and fwsm 3.1

hi hknippenberg,

thanks for your reply. I read that document too. I am just confused on the switch end. Other than configuring L2 pvlans at the switch, do i need to specify a promiscuous port for the pvlans?

Btw, what does promiscuous port mean? Is it a L3 vlan or a L3 interface or L3 terminating device?

New Member

Re: configuring pvlan on a hybrid switch and fwsm 3.1

Hi,

OK, you've got me there. I was busy studying a FWSM deployment with software 3.1 when I read your mail.

Based on what I read, you're done when you've created your switchports with PVLANS. When you assign the primary VLAN to the FWSM for routing/firewall functions, the FWSM learns the PVLAN config from the switch and honors it. Since the FWSM uses an EtherChannel as a backplane connection, and EtherChannels are not supported for PVLANs, I assume there's some hidden stuff going on in the backplane.

promiscuous mode is also used by packet sniffers to read more from the network than is directed to its local MAC address. It's a state in which a device operates.

Hope this is helpfull

Hans

172
Views
0
Helpful
3
Replies
CreatePlease login to create content