Hello Sven,

If I understood you correctly you can get around these limitations by using the PVLAN feature on the end-user ports only and not on the internal switch-to-switch links. On those links you can use normal "trunk" ports and spread the PVLAN to your 6509 and terminate it on L3 VLAN int.

Access layer example for end-user port somewhere in the deeps of the switched fabric:

    interface FastEthernet0/1
     switchport mode private-vlan host
     switchport private-vlan host-association 10 100

Access layer trunk port:

    interface GigabitEthernet0/1
     switchport mode trunk

On your distribution (6509) you configure:

    interface Vlan10
     ! this is important as PVLAN VLAN interface gets sticky arp by default (for some unknown reason)
     ip sticky-arp ignore
     no ip proxy-arp
     private-vlan mapping 100

and normal trunk port towards the switch fabric:

    interface GigabitEthernet6/1
     switchport mode trunk

Yes this is probably suboptimal to what you would like to accomplish however the end effect is that the end-user ports cannot communicate with each other - which is probably what you want.

Another alternative is the "private-vlan trunk" feature which is described over here http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/pvlans.html#wp1166138 - the trouble is that AFAIK currently it works only on C4500.

-pavel skovajsa

On Wed, Jan 13, 2010 at 7:03 AM, Sven 'Darkman' Michels <[email protected]> wrote:
> Hi there,
>
> i'd like to use the pvlan feature from Cisco for two networks. I already
> read a lot of documentation on the pvlan feature on Cisco's page and many
> other blog posts etc. and already know, that it seems not to be possible
> to use the pvlan feature with etherchannel/port groups on any device.
> Apart from no information *why* this is not possible, i have no idea, how
> to complete the following setup:
>
> I'd like to have my PVLAN connected to my "core" network in a kind of
> redundancy and "more" bandwidth. The PVLAN has GBIT enabled devices, the
> uplink to the core should be more than one GBIT (to ensure that no single
> device is able to fill the uplink, but also able to use max of available
> bandwidth). Sadly, a TGigE Uplink is not yet possible.
> As switches we have 3560G and the core is currently a 6509.
> At least the redundancy is important, so i could try it with
> "backup-interface" on the 6509, but this would limit the pvlan to 1GigE,
> which is not exactly what i want.
> Another problem is, that i currently plan to deploy two isolated pvlans on
> the 3560 switches, which "should" be no problem if i use two different
> primary vlans (a primary may only carry one isolated pvlan at a time), but
> it seems to be not possible to use one uplink/trunk port for two different
> isolated pvlan setups?
> If that's true, i would need at least four ports (two for each isolated
> pvlan) just to get the redundancy and would not have any uplink >1GigE...
>
> Did i miss anything? is there a way to get the redundancy and the
> bandwidth? may i use two isolated pvlans on the same uplink? Is there some
> way to use something "like" etherchannel with pvlans? Or is there a way to
> change the setup in a way i would get pvlan + more bandwidth + redundancy
> without all of these problems or limitations? ;)
>
> Thanks and regards,
> Sven
>
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
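
An added example, not part of the original thread: a short Python check that the host-port and SVI lines from the reply above agree with each other across the access and distribution switches. The function names, the FastEthernet0/2 port and the sample strings are constructed for illustration; VLAN lists on the mapping line are assumed to be comma-separated without ranges.

```python
import re

def parse_interfaces(config):
    # Return {interface name: [sub-commands]} from IOS-style config text.
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        header = re.match(r"interface\s+(\S+)$", line)
        if raw[0].isspace():
            if current is not None:
                current.append(line)
        else:  # unindented line: a new interface block or some other global command
            current = blocks.setdefault(header.group(1), []) if header else None
    return blocks

def audit_pvlan(access_cfg, dist_cfg):
    # Cross-check PVLAN host ports on the access switch against the upstream SVI.
    findings, svis = [], parse_interfaces(dist_cfg)
    for port, cmds in parse_interfaces(access_cfg).items():
        for cmd in cmds:
            m = re.match(r"switchport private-vlan host-association (\d+) (\d+)$", cmd)
            if not m:
                continue
            primary, secondary = m.groups()
            svi = svis.get(f"Vlan{primary}")
            if "switchport mode private-vlan host" not in cmds:
                findings.append(f"{port}: association set but port is not in private-vlan host mode")
            if svi is None:
                findings.append(f"{port}: no interface Vlan{primary} on the distribution switch")
                continue
            mapped = {v for c in svi if c.startswith("private-vlan mapping")
                      for v in re.split(r"[ ,]+", c)[2:]}
            if secondary not in mapped:
                findings.append(f"{port}: secondary VLAN {secondary} not mapped on Vlan{primary}")
            if "no ip proxy-arp" not in svi:
                findings.append(f"Vlan{primary}: 'no ip proxy-arp' missing")
    return list(dict.fromkeys(findings))  # drop duplicates, keep order

# Constructed samples: Fa0/1 and Vlan10 follow the thread, Fa0/2 is a deliberately broken port.
ACCESS = ("interface FastEthernet0/1\n switchport mode private-vlan host\n"
          " switchport private-vlan host-association 10 100\n"
          "interface FastEthernet0/2\n switchport mode access\n"
          " switchport private-vlan host-association 10 101\n")
DIST = "interface Vlan10\n ip sticky-arp ignore\n no ip proxy-arp\n private-vlan mapping 100\n"
```

Calling `audit_pvlan(ACCESS, DIST)` returns two findings, both for the constructed FastEthernet0/2 port; the port and SVI taken from the thread produce none.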
