Hello, Just to make one thing straight :-). Catalyst 3560 supports private VLAN's as such - i.e. the thing you posted in the first message. What Tyson was referring to when he said that private VLANs are not supported on the trunk interfaces is that you cannot have private VLAN community or isolated ports behave as such on trunks. They need to be associated with access ports if you are to achieve the expected behavior. They can still be trunked to other switches, but the expected behavior (isolation) is lost. More specifically, you can't have a trunk to a router with a VLAN that you are using as a community VLAN - it would behave just as another VLAN.
-- Marko Milivojevic - CCIE #18427 Senior Technical Instructor - IPexpert Mailto: [email protected] Telephone: +1.810.326.1444 Fax: +1.810.454.0130 Community: http://www.ipexpert.com/communities On Thu, Jan 7, 2010 at 15:42, Kingsley Charles <[email protected]>wrote: > H Tyson > > I too was in the same lines but the following surprised me and hence I am > preparing for PVLANs :-( > > > Catalyst Platform > > PVLAN Supported Minimum Software Version > > Isolated VLAN > > PVLAN Edge (Protected Port) > > Community VLAN > > Catalyst 6500/6000 - Hybrid mode (CatOS on Supervisor and Cisco IOSĀ® on > MSFC)<http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper09186a00800c8441.html> > > 5.4(1) on Supervisor and 12.0(7)XE1 on MSFC > > Yes > > Not Supported > > Yes > > Catalyst 6500/6000 - Native mode (Cisco IOSĀ® System software on both > Supervisor and > MSFC)<http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper09186a00800c8441.html> > > 12.1(8a)EX, 12.1(11b)E1 and later. > > Yes > > Not Supported > > Yes > > Catalyst 5500/5000 > > Not Supported > > Not Supported > > Not Supported > > Not Supported > > Catalyst 4500/4000 - > CatOS<http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/8.1/configuration/guide/vlans.html#wp1028273> > > 6.2(1) > > Yes > > Not Supported > > Yes > > Catalyst 4500/4000 - Cisco > IOS<http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/pvlans.html> > > 12.1(8a)EW > > Yes > > Not Supported > > Yes. 12.2(20)EW onwards. > > Catalyst > 3550<http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_se/configuration/guide/swtrafc.html> > > Not Supported > > Not Supported > > Yes. 12.1(4)EA1 onwards. > > Not Supported > > Catalyst > 2950<http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea2/configuration/guide/swtrafc.html> > > Not Supported > > Not Supported > > Yes. 12.0(5.2)WC1, 12.1(4)EA1 and later. > > Not Supported > > Catalyst > 2900XL/3500XL<http://www.cisco.com/en/US/docs/switches/lan/catalyst2900xl_3500xl/release12.0_5_wc5/swg/swports.html> > > Not Supported > > Not Supported > > Yes.12.0(5)XU (on 8MB switches only) onwards. > > Not Supported > > Catalyst 2948G-L3 / 4908G-L3 > > Not Supported > > Not Supported > > Not Supported > > Not Supported > > Catalyst 1900 > > Not Supported > > Not Supported > > Not Supported > > Not Supported > > Catalyst 8500 > > Not Supported > > Not Supported > > Not Supported > > Not Supported > > Catalyst > 3560<http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/swpvlan.html> > > 12.2(20)SE - EMI > > Yes > > Yes. 12.1(19)EA1 onwards. > > Yes > > Catalyst > 3750<http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swpvlan.html> > > 12.2(20)SE - EMI > > Yes > > Yes. 12.1(11)AX onwards. > > Yes > > Catalyst 3750 > Metro<http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_25_seg_seg1/configuration/guide/swpvlan.html> > > 12.2(25)EY - EMI > > Yes > > Yes. 12.1(14)AX onwards. > > Yes > > Catalyst > 2940<http://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_19_ea1/configuration/guide/swtrafc.html> > > Not Supported > > Not Supported > > Yes. 12.1(13)AY onwards. > > Not Supported > > Catalyst > 2948G/2980G<http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/6.3and6.4/configuration/guide/vlans.html> > > 6.2 > > Yes > > Not Supported > > Yes > > Catalyst > 2955<http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea2/configuration/guide/swtrafc.html> > > Not Supported > > Not Supported > > Yes. 12.1(6)EA2 onwards. > > Not Supported > > Catalyst > 2970<http://www.cisco.com/en/US/docs/switches/lan/catalyst2970/software/release/12.2_25_se/configuration/guide/swtrafc.html> > > Not Supported > > Not Supported > > Yes. 12.1(11)AX onwards. > > Not Supported > > Catalyst > 2960<http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/configuration/guide/swtrafc.html> > > Not Supported > > Not Supported > > Yes. 12.2(25)FX and later. > > Not Supported > > Catalyst Express 500 > > Not Supported > > Not Supported > > Not Supported > > Not Supported > > > > http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml > > With regards > Kings > > On Thu, Jan 7, 2010 at 8:03 PM, Tyson Scott <[email protected]> wrote: > >> I thought you were asking about trunking between switches. Private VLAN >> support on a trunk port is not supported on the 3560's >> >> >> >> Regards, >> >> >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> >> Technical Instructor - IPexpert, Inc. >> >> Mailto: [email protected] >> >> Telephone: +1.810.326.1444, ext. 208 >> >> Live Assistance, Please visit: www.ipexpert.com/chat >> >> eFax: +1.810.454.0130 >> >> >> >> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA >> (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & >> Service Provider) Certification Training with locations throughout the >> United States, Europe and Australia. Be sure to check out our online >> communities at www.ipexpert.com/communities and our public website at >> www.ipexpert.com >> >> >> >> *From:* Kingsley Charles [mailto:[email protected]] >> *Sent:* Thursday, January 07, 2010 9:30 AM >> *To:* Tyson Scott >> *Cc:* [email protected] >> >> *Subject:* Re: [OSL | CCIE_Security] Private vlans >> >> >> >> Hi Tyson >> >> >> >> Please find the commands below. But I am not clear off where to use >> "switchport >> mode private-vlan trunk promiscuous" and >> >> "switchport mode private-vlan trunk secondary" >> >> >> >> Switch(config-if)# *switchport mode private-vlan trunk promiscuous* >> >> Switch(config-if)# *switchport private-vlan trunk native vlan 10* >> >> Switch(config-if)# *switchport private-vlan trunk allowed vlan 10, 3-4* >> >> Switch(config-if)# *switchport private-vlan mapping trunk 3 301, 302* >> >> >> >> >> >> >> Switch(config-if)# *switchport mode private-vlan trunk secondary* >> >> Switch(config-if)# *switchport private-vlan trunk native vlan 10* >> >> Switch(config-if)# *switchport private-vlan trunk allowed vlan 10. 3-4* >> >> Switch(config-if)# *switchport private-vlan association trunk 3 301*** >> >> >> >> >> http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/pvlans.html#wp1158145 >> >> >> >> >> >> >> >> With regards >> >> Kings >> >> >> >> >> >> >> >> On Thu, Jan 7, 2010 at 7:45 PM, Kingsley Charles < >> [email protected]> wrote: >> >> Hi Tyson >> >> >> >> I am not getting the commands but in the Cisco site, I saw that we have >> separate switchport trunking commands for primary and secondary vlans. >> >> >> >> I am still searching >> >> >> >> >> >> With regards >> >> Kings >> >> On Thu, Jan 7, 2010 at 7:40 PM, Tyson Scott <[email protected]> wrote: >> >> It is just as normal trunking. You just need to configure the VLAN's on >> each switch with the necessary perameters. >> >> >> >> Regards, >> >> >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> >> Technical Instructor - IPexpert, Inc. >> >> Mailto: [email protected] >> >> Telephone: +1.810.326.1444, ext. 208 >> >> Live Assistance, Please visit: www.ipexpert.com/chat >> >> eFax: +1.810.454.0130 >> >> >> >> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA >> (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & >> Service Provider) Certification Training with locations throughout the >> United States, Europe and Australia. Be sure to check out our online >> communities at www.ipexpert.com/communities and our public website at >> www.ipexpert.com >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Kingsley >> Charles >> *Sent:* Thursday, January 07, 2010 8:58 AM >> *To:* [email protected] >> *Subject:* Re: [OSL | CCIE_Security] Private vlans >> >> >> >> >> >> I have an understanding on PVLAN trunking but with some confusions. >> >> >> >> Can some please explain how does PVLAN trunking works and necessary >> commands to enable private primary and secondary vlan trunking. >> >> >> >> >> >> With regards >> >> Kingsley Charles >> >> >> >> >> >> >> >> On Thu, Jan 7, 2010 at 7:05 PM, Kingsley Charles < >> [email protected]> wrote: >> >> Hi all >> >> >> >> I am trying to configure private PVLANS. Here vlan 4 is the private vlan >> and 5,6 are secondary vlans. >> >> >> >> Please let me know, if the below configuration is fine: >> >> >> >> >> >> >> >> Switch(config)#vlan 4 >> Switch(config-vlan)#private-vlan primary >> >> >> Switch(config)#vlan 5 >> Switch(config-vlan)#private-vlan community >> >> >> Switch(config)#vlan 6 >> Switch(config-vlan)#private-vlan isolated >> >> >> Switch(config)#vlan 4 >> Switch(config-vlan)#private-vlan association 5-6 >> >> >> Switch(config)#int f0/1 >> Switch(config-if)#switchport mode private-vlan promiscuous >> Switch(config-if)#switchport private-vlan mapping 4 5-6 >> >> >> Switch(config)#int f0/2 >> Switch(config-if)#switchport mode private-vlan host >> Switch(config-if)#switchport private-vlan host-association 4 5 >> >> >> Switch(config)#int f0/3 >> Switch(config-if)#switchport mode private-vlan host >> Switch(config-if)#switchport private-vlan host-association 4 6 >> >> >> Switch(config)#int vlan 4 >> Switch(config-if)#private-vlan mapping 4 5-6 >> >> >> >> >> >> With regards >> >> Kingsley Charles >> >> >> >> >> >> >> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
