The promisc port has to be an access port. So you need a loopback cable on your access switch, with two vlan numbers for your primary vlan. For example, vlan 140 and vlan 141: your link to distribution will still be a vlan 140, 252 trunk, but one end of the loopback cable would be access vlan 140 and the other end of the loopback cable will be access vlan 141. You can then set vlan 141 to be your primary vlan, and the end with access vlan 141 to be the promisc port. So you have to use a loopback cable and two ports. Foundry/Brocade is the same way too.
Schilling

On Tue, Jan 11, 2011 at 7:57 PM, Sam Evans <[email protected]> wrote:
> All,
>
> I am trying to do a PVLAN implementation on one switch in a distribution /
> access switch environment. Ideally, I'd like to just be able to use the
> 'isolated' command but we have a few devices that will need to talk to port
> neighbors, so the PVLAN community would work well.
>
> My challenge here is that the uplink port on the access switch is an 802.1q
> trunk to the distribution. In reading the documentation and not really
> fully understanding pvlans, if I set the uplink port to a promisc port I
> lose connectivity to the distribution switch.
>
> My config looks something like this (access switch):
>
> vlan 101
>  private-vlan isolated
> !
> vlan 102
>  private-vlan community
> !
> vlan 140
>  private-vlan primary
>  private-vlan association 101-102
> !
> vlan 252
>  name mgmt-net
>
> interface Vlan252
>  ip address 10.0.0.200 255.255.255.0
>  no ip route-cache
>  no ip mroute-cache
>
> interface GigabitEthernet0/4
>  description Uplink to distribution switch
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 140,252
>  switchport mode trunk
>  no logging event link-status
>  no snmp trap link-status
>  spanning-tree guard loop
> !
>
> Configuration for distribution switch:
>
> interface GigabitEthernet0/9
>  description Trunk port to PVLAN switch
>  switchport trunk allowed vlan 140,252
>  switchport mode trunk
>  spanning-tree guard loop
>
> In the normal environment, vlan 140 works fine and servers can talk back to
> the gateway (just that they can also talk to each other on the access
> switch).
>
> Any suggestions?
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
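
The loopback-cable layout described in the reply, written out as the end state of the access switch. This is an added example, not a configuration posted by anyone in the thread; the interface numbers Gi0/10, Gi0/11, Gi0/23 and Gi0/24 and the server port roles are hypothetical, and it assumes VTP is already in transparent mode.

```text
! Added example. Gi0/10, Gi0/11, Gi0/23, Gi0/24 are hypothetical port numbers.
! Assumption: VTP is in transparent mode before the private VLANs are defined.
vlan 101
 private-vlan isolated
!
vlan 102
 private-vlan community
!
! VLAN 140 is an ordinary VLAN again; it is what the trunk to distribution carries.
vlan 140
!
! VLAN 141 is the PVLAN primary and exists only on this access switch.
vlan 141
 private-vlan primary
 private-vlan association 101-102
!
interface GigabitEthernet0/4
 description Uplink to distribution switch (unchanged 802.1q trunk)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 140,252
 switchport mode trunk
!
interface GigabitEthernet0/23
 description Loopback cable end A: ordinary access port in VLAN 140
 switchport access vlan 140
 switchport mode access
!
interface GigabitEthernet0/24
 description Loopback cable end B: promiscuous port for primary VLAN 141
 switchport private-vlan mapping 141 101-102
 switchport mode private-vlan promiscuous
!
interface GigabitEthernet0/10
 description Server that must not reach its port neighbors (isolated)
 switchport private-vlan host-association 141 101
 switchport mode private-vlan host
!
interface GigabitEthernet0/11
 description Server that talks to others in the same community
 switchport private-vlan host-association 141 102
 switchport mode private-vlan host
```

`show vlan private-vlan` and `show interfaces GigabitEthernet0/24 switchport` confirm the primary/secondary association and the promiscuous mapping once the cable is in place.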
