Actually there is a feature for this - "switchport private-vlan trunk", but as far as I know it is only working on the C4500-ME sup

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/pvlans.html

I am waiting and waiting for this to be available on ME3400.......and still nothing

-pavel

On Wed, Jan 12, 2011 at 2:32 AM, schilling <[email protected]> wrote:

> promisc port has to be access port. So you need a loopback cable on
> your access switch with two vlan numbers for your primary vlan. For
> example vlan 140 and vlan 141, then your link to distribution will
> still be vlan 140, 252 trunk, but one end of loopback cable would be
> access vlan 140, the other end of the loopback cable will be access
> vlan 141. You can then set vlan 141 to be your primary vlan, and the
> end with access vlan 141 to be promisc port. So you have to use a
> loopback cable and two ports. Foundry/Brocade is the same way too.
>
> Schilling
>
> On Tue, Jan 11, 2011 at 7:57 PM, Sam Evans <[email protected]> wrote:
> > All,
> >
> > I am trying to do a PVLAN implementation on one switch in a distribution /
> > access switch environment. Ideally, I'd like to just be able to use the
> > 'isolated' command but we have a few devices that will need to talk to port
> > neighbors, so the PVLAN community would work well.
> >
> > My challenge here is that the uplink port on the access switch is an 802.1q
> > trunk to the distribution. In reading the documentation and not really
> > fully understanding pvlans, if I set the uplink port to a promisc port I
> > lose connectivity to the distribution switch.
> >
> > My config looks something like this (access switch):
> >
> > vlan 101
> >  private-vlan isolated
> > !
> > vlan 102
> >  private-vlan community
> > !
> > vlan 140
> >  private-vlan primary
> >  private-vlan association 101-102
> > !
> > vlan 252
> >  name mgmt-net
> >
> > interface Vlan252
> >  ip address 10.0.0.200 255.255.255.0
> >  no ip route-cache
> >  no ip mroute-cache
> >
> > interface GigabitEthernet0/4
> >  description Uplink to distribution switch
> >  switchport trunk encapsulation dot1q
> >  switchport trunk allowed vlan 140,252
> >  switchport mode trunk
> >  no logging event link-status
> >  no snmp trap link-status
> >  spanning-tree guard loop
> > !
> >
> > Configuration for distribution switch:
> >
> > interface GigabitEthernet0/9
> >  description Trunk port to PVLAN switch
> >  switchport trunk allowed vlan 140,252
> >  switchport mode trunk
> >  spanning-tree guard loop
> >
> > In the normal environment, vlan 140 works fine and servers can talk back to
> > the gateway (just that they can also talk to each other on the access
> > switch).
> >
> > Any suggestions?
> > _______________________________________________
> > cisco-nsp mailing list [email protected]
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
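
The loopback-cable workaround described in the quoted reply, written out as access-switch configuration. This is an added example, not configuration posted by anyone in the thread: the interface numbers Gi0/1, Gi0/2, Gi0/5 and Gi0/6 are hypothetical, and the syntax assumes a Catalyst IOS image with private-VLAN support. Spanning-tree handling of the two looped ports is not covered in the thread and is left out here.

```cisco
! Added example. Gi0/1, Gi0/2, Gi0/5 and Gi0/6 are hypothetical port numbers.
vlan 101
 private-vlan isolated
!
vlan 102
 private-vlan community
!
! VLAN 140 is an ordinary VLAN again and still rides the trunk to distribution.
vlan 140
!
! VLAN 141 exists only on this switch and takes over as the primary VLAN.
vlan 141
 private-vlan primary
 private-vlan association 101-102
!
! Loopback cable, end 1: plain access port in VLAN 140.
interface GigabitEthernet0/1
 description Loopback cable to Gi0/2
 switchport access vlan 140
 switchport mode access
!
! Loopback cable, end 2: promiscuous port of primary VLAN 141.
interface GigabitEthernet0/2
 description Loopback cable to Gi0/1 (PVLAN promiscuous)
 switchport private-vlan mapping 141 101-102
 switchport mode private-vlan promiscuous
!
! Server that must not reach its port neighbors: isolated VLAN 101.
interface GigabitEthernet0/5
 switchport private-vlan host-association 141 101
 switchport mode private-vlan host
!
! Server that must reach others in its group: community VLAN 102.
interface GigabitEthernet0/6
 switchport private-vlan host-association 141 102
 switchport mode private-vlan host
!
! Uplink keeps the trunk settings from the original post.
interface GigabitEthernet0/4
 description Uplink to distribution switch
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 140,252
 switchport mode trunk
```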
