Sure, here is the relevant portion of SW1 and SW2. I was just playing with this a couple days ago, still fresh on my rack :)

Topology:

R1/R3----SW1----SW2----R2

R1 is on f0/1
R3 is on f0/3
R2 is on f0/2
Trunk is on f0/13

Configuration:

SW1:

vlan 100
 private-vlan primary
 private-vlan association 101
!
vlan 101
 private-vlan isolated
!
interface FastEthernet0/1
 switchport private-vlan host-association 100 101
 switchport mode private-vlan host
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport private-vlan host-association 100 101
 switchport mode private-vlan host
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW2:

vlan 100
 private-vlan primary
 private-vlan association 101
!
vlan 101
 private-vlan isolated
!
interface FastEthernet0/2
 switchport private-vlan mapping 100 101
 switchport mode private-vlan promiscuous
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

Verification:

R1 pings R2:

R1#ping 192.168.120.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.120.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms
R1#

R3 pings R2:

R3#ping 192.168.120.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.120.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/3/4 ms
R3#

R1 cannot ping R3:

R1#ping 192.168.120.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.120.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#

On Thu, Jan 7, 2010 at 9:20 PM, Kingsley Charles <[email protected]> wrote:

> Exactly Bryan, that was the scenario that I was talking about. PVLANs
> across switches.
>
> Can you please paste your configs.
>
> With regards
> Kings
>
> On Thu, Jan 7, 2010 at 9:20 PM, Bryan Bartik <[email protected]> wrote:
>
>> Charles,
>>
>> Not sure exactly what you mean but here is a scenario I was practicing
>> with, with no special configuration on the trunk between the 3560s.
>>
>> 2 devices in isolated vlan 101 ----> 3560 ----> 3560 -----> Router in
>> primary vlan 100 (with association to secondary vlan 101)
>>
>> The two devices could only communicate with the router and not each other.
>>
>> Is this the type of scenario you are talking about?
>>
>> On Thu, Jan 7, 2010 at 7:42 AM, Kingsley Charles <[email protected]> wrote:
>>
>>> Hi Tyson
>>>
>>> I too was in the same lines but the following surprised me and hence I am
>>> preparing for PVLANs :-(
>>>
>>> Catalyst Platform | PVLAN Supported Minimum Software Version | Isolated VLAN | PVLAN Edge (Protected Port) | Community VLAN
>>> Catalyst 6500/6000 - Hybrid mode (CatOS on Supervisor and Cisco IOS® on MSFC) <http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper09186a00800c8441.html> | 5.4(1) on Supervisor and 12.0(7)XE1 on MSFC | Yes | Not Supported | Yes
>>> Catalyst 6500/6000 - Native mode (Cisco IOS® System software on both Supervisor and MSFC) <http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper09186a00800c8441.html> | 12.1(8a)EX, 12.1(11b)E1 and later. | Yes | Not Supported | Yes
>>> Catalyst 5500/5000 | Not Supported | Not Supported | Not Supported | Not Supported
>>> Catalyst 4500/4000 - CatOS <http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/8.1/configuration/guide/vlans.html#wp1028273> | 6.2(1) | Yes | Not Supported | Yes
>>> Catalyst 4500/4000 - Cisco IOS <http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/pvlans.html> | 12.1(8a)EW | Yes | Not Supported | Yes. 12.2(20)EW onwards.
>>> Catalyst 3550 <http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_se/configuration/guide/swtrafc.html> | Not Supported | Not Supported | Yes. 12.1(4)EA1 onwards. | Not Supported
>>> Catalyst 2950 <http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea2/configuration/guide/swtrafc.html> | Not Supported | Not Supported | Yes. 12.0(5.2)WC1, 12.1(4)EA1 and later. | Not Supported
>>> Catalyst 2900XL/3500XL <http://www.cisco.com/en/US/docs/switches/lan/catalyst2900xl_3500xl/release12.0_5_wc5/swg/swports.html> | Not Supported | Not Supported | Yes. 12.0(5)XU (on 8MB switches only) onwards. | Not Supported
>>> Catalyst 2948G-L3 / 4908G-L3 | Not Supported | Not Supported | Not Supported | Not Supported
>>> Catalyst 1900 | Not Supported | Not Supported | Not Supported | Not Supported
>>> Catalyst 8500 | Not Supported | Not Supported | Not Supported | Not Supported
>>> Catalyst 3560 <http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/swpvlan.html> | 12.2(20)SE - EMI | Yes | Yes. 12.1(19)EA1 onwards. | Yes
>>> Catalyst 3750 <http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swpvlan.html> | 12.2(20)SE - EMI | Yes | Yes. 12.1(11)AX onwards. | Yes
>>> Catalyst 3750 Metro <http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_25_seg_seg1/configuration/guide/swpvlan.html> | 12.2(25)EY - EMI | Yes | Yes. 12.1(14)AX onwards. | Yes
>>> Catalyst 2940 <http://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_19_ea1/configuration/guide/swtrafc.html> | Not Supported | Not Supported | Yes. 12.1(13)AY onwards. | Not Supported
>>> Catalyst 2948G/2980G <http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/6.3and6.4/configuration/guide/vlans.html> | 6.2 | Yes | Not Supported | Yes
>>> Catalyst 2955 <http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea2/configuration/guide/swtrafc.html> | Not Supported | Not Supported | Yes. 12.1(6)EA2 onwards. | Not Supported
>>> Catalyst 2970 <http://www.cisco.com/en/US/docs/switches/lan/catalyst2970/software/release/12.2_25_se/configuration/guide/swtrafc.html> | Not Supported | Not Supported | Yes. 12.1(11)AX onwards. | Not Supported
>>> Catalyst 2960 <http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/configuration/guide/swtrafc.html> | Not Supported | Not Supported | Yes. 12.2(25)FX and later. | Not Supported
>>> Catalyst Express 500 | Not Supported | Not Supported | Not Supported | Not Supported
>>>
>>> http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
>>>
>>> With regards
>>> Kings
>>>
>>> On Thu, Jan 7, 2010 at 8:03 PM, Tyson Scott <[email protected]> wrote:
>>>
>>>> I thought you were asking about trunking between switches. Private
>>>> VLAN support on a trunk port is not supported on the 3560's
>>>>
>>>> Regards,
>>>>
>>>> Tyson Scott - CCIE #13513 R&S, Security, and SP
>>>> Technical Instructor - IPexpert, Inc.
>>>> Mailto: [email protected]
>>>> Telephone: +1.810.326.1444, ext. 208
>>>> Live Assistance, Please visit: www.ipexpert.com/chat
>>>> eFax: +1.810.454.0130
>>>>
>>>> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
>>>> (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security &
>>>> Service Provider) Certification Training with locations throughout the
>>>> United States, Europe and Australia. Be sure to check out our online
>>>> communities at www.ipexpert.com/communities and our public website at
>>>> www.ipexpert.com
>>>>
>>>> From: Kingsley Charles [mailto:[email protected]]
>>>> Sent: Thursday, January 07, 2010 9:30 AM
>>>> To: Tyson Scott
>>>> Cc: [email protected]
>>>> Subject: Re: [OSL | CCIE_Security] Private vlans
>>>>
>>>> Hi Tyson
>>>>
>>>> Please find the commands below. But I am not clear on where to use
>>>> "switchport mode private-vlan trunk promiscuous" and
>>>> "switchport mode private-vlan trunk secondary"
>>>>
>>>> Switch(config-if)# switchport mode private-vlan trunk promiscuous
>>>> Switch(config-if)# switchport private-vlan trunk native vlan 10
>>>> Switch(config-if)# switchport private-vlan trunk allowed vlan 10, 3-4
>>>> Switch(config-if)# switchport private-vlan mapping trunk 3 301, 302
>>>>
>>>> Switch(config-if)# switchport mode private-vlan trunk secondary
>>>> Switch(config-if)# switchport private-vlan trunk native vlan 10
>>>> Switch(config-if)# switchport private-vlan trunk allowed vlan 10, 3-4
>>>> Switch(config-if)# switchport private-vlan association trunk 3 301
>>>>
>>>> http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/pvlans.html#wp1158145
>>>>
>>>> With regards
>>>> Kings
>>>>
>>>> On Thu, Jan 7, 2010 at 7:45 PM, Kingsley Charles <[email protected]> wrote:
>>>>
>>>> Hi Tyson
>>>>
>>>> I am not getting the commands but in the Cisco site, I saw that we have
>>>> separate switchport trunking commands for primary and secondary vlans.
>>>>
>>>> I am still searching
>>>>
>>>> With regards
>>>> Kings
>>>>
>>>> On Thu, Jan 7, 2010 at 7:40 PM, Tyson Scott <[email protected]> wrote:
>>>>
>>>> It is just as normal trunking. You just need to configure the VLAN's on
>>>> each switch with the necessary parameters.
>>>>
>>>> Regards,
>>>>
>>>> Tyson Scott - CCIE #13513 R&S, Security, and SP
>>>>
>>>> From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
>>>> Sent: Thursday, January 07, 2010 8:58 AM
>>>> To: [email protected]
>>>> Subject: Re: [OSL | CCIE_Security] Private vlans
>>>>
>>>> I have an understanding on PVLAN trunking but with some confusions.
>>>>
>>>> Can someone please explain how PVLAN trunking works and the necessary
>>>> commands to enable private primary and secondary vlan trunking.
>>>>
>>>> With regards
>>>> Kingsley Charles
>>>>
>>>> On Thu, Jan 7, 2010 at 7:05 PM, Kingsley Charles <[email protected]> wrote:
>>>>
>>>> Hi all
>>>>
>>>> I am trying to configure private PVLANS. Here vlan 4 is the private vlan
>>>> and 5,6 are secondary vlans.
>>>>
>>>> Please let me know, if the below configuration is fine:
>>>>
>>>> Switch(config)#vlan 4
>>>> Switch(config-vlan)#private-vlan primary
>>>>
>>>> Switch(config)#vlan 5
>>>> Switch(config-vlan)#private-vlan community
>>>>
>>>> Switch(config)#vlan 6
>>>> Switch(config-vlan)#private-vlan isolated
>>>>
>>>> Switch(config)#vlan 4
>>>> Switch(config-vlan)#private-vlan association 5-6
>>>>
>>>> Switch(config)#int f0/1
>>>> Switch(config-if)#switchport mode private-vlan promiscuous
>>>> Switch(config-if)#switchport private-vlan mapping 4 5-6
>>>>
>>>> Switch(config)#int f0/2
>>>> Switch(config-if)#switchport mode private-vlan host
>>>> Switch(config-if)#switchport private-vlan host-association 4 5
>>>>
>>>> Switch(config)#int f0/3
>>>> Switch(config-if)#switchport mode private-vlan host
>>>> Switch(config-if)#switchport private-vlan host-association 4 6
>>>>
>>>> Switch(config)#int vlan 4
>>>> Switch(config-if)#private-vlan mapping 4 5-6
>>>>
>>>> With regards
>>>>
>>>> Kingsley Charles
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training, please
>>> visit www.ipexpert.com
>>
>> --
>> Bryan Bartik
>> CCIE #23707 (R&S, SP), CCNP
>> Sr. Support Engineer - IPexpert, Inc.
>> URL: http://www.IPexpert.com <http://www.ipexpert.com/>

--
Bryan Bartik
CCIE #23707 (R&S, SP), CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
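
Added example, not part of the original thread: a small Python checker that parses the PVLAN commands from the SW1/SW2 configuration posted at the top of this message and derives which ports can reach each other at layer 2, matching the ping results (R1 and R3 reach R2 but not each other). The parser, the `switch:port` keys and the function names are illustrative assumptions; it models only the commands shown, assumes the trunk carries both VLANs, and also handles secondary VLAN lists and ranges such as `5-6`.

```python
import re
# Transcribed from the post; the f0/13 dot1q trunks carry no PVLAN commands.
VLANS = """vlan 100
 private-vlan primary
 private-vlan association 101
vlan 101
 private-vlan isolated
"""
SWITCHES = {"SW1": VLANS + """interface FastEthernet0/1
 switchport private-vlan host-association 100 101
 switchport mode private-vlan host
interface FastEthernet0/3
 switchport private-vlan host-association 100 101
 switchport mode private-vlan host
""", "SW2": VLANS + """interface FastEthernet0/2
 switchport private-vlan mapping 100 101
 switchport mode private-vlan promiscuous
"""}

def parse(switches):
    """Return ({vlan: pvlan type}, {'switch:port': {mode, primary, secs}})."""
    vlans, ports = {}, {}
    for name, config in switches.items():
        head = ["", ""]
        for line in config.splitlines():
            key = f"{name}:{head[1]}"
            if line and not line.startswith(" "):
                head = line.split()  # section header: 'vlan N' or 'interface X'
            elif m := re.match(r" private-vlan (primary|isolated|community)$", line):
                vlans[int(head[1])] = m.group(1)
            elif m := re.match(r" switchport private-vlan (?:host-association|mapping) (\d+) (.+)", line):
                secs = {n for p in m.group(2).replace(" ", "").split(",")
                        for n in range(int(p.split("-")[0]), int(p.split("-")[-1]) + 1)}
                ports.setdefault(key, {}).update(primary=int(m.group(1)), secs=secs)
            elif m := re.match(r" switchport mode private-vlan (host|promiscuous)$", line):
                ports.setdefault(key, {})["mode"] = m.group(1)
    return vlans, ports

def can_talk(a, b, vlans):
    """Layer-2 reachability; two host ports talk only inside one community VLAN."""
    if a["primary"] != b["primary"]:
        return False
    if "promiscuous" in (a["mode"], b["mode"]):
        return a["mode"] == b["mode"] or bool(a["secs"] & b["secs"])
    return a["secs"] == b["secs"] and all(vlans.get(v) == "community" for v in a["secs"])

def reachability(switches):
    vlans, ports = parse(switches)
    return {(x, y): can_talk(ports[x], ports[y], vlans) for x in ports for y in ports if x < y}
```

`reachability(SWITCHES)` returns one boolean per port pair, so the same check can be run against a changed configuration before it goes onto the switches.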
