In order to make use of this design, the downstream switches (where you connect the customer devices) would need to understand private-vlans in order to join the primary (downstream) and secondary (upstream) traffic. For that to work you would also need to allow the primary vlan on the Te1/1 trunk. You would not really need the "private-vlan trunk" feature; you can transport them on a normal trunk port (and join them on the access switch).
The "private-vlan trunk" feature is useful in a scenario where one port (Te1/x) belongs to one customer and you are handing over multiple secondary vlans over that port. This does not seem to be your case. BTW I believe it is supported on the latest CatOS...:)

-pavel skovajsa

On Tue, Apr 19, 2011 at 3:38 PM, Phil Mayers <p.may...@imperial.ac.uk> wrote:
> All,
>
> We've got a pair of Cisco 6500/sup720 serving as our datacentre collapsed
> routing/distribution.
>
> Servers are attached to downstream Foundry/Brocade devices, and possibly
> other dumb/cheap devices in future.
>
> Can I use private VLANs in this case to isolate customers and avoid burning
> 5 IPs (network, broadcast, HSRP master, slave & vip) per-customer? I do
> *not* want to stop customers talking to each other at layer3 - just get some
> degree of isolation (including the "sticky arp").
>
> I think I can't, because 12.2(33)SXI seems to lack "switchport mode
> private-vlan trunk". Is this correct?
>
> What I want to do is:
>
> vlan 600
>  name customer-1
>  private-vlan community
> vlan 601
>  name customer-2
>  private-vlan community
> vlan 60
>  name all-customers
>  private-vlan primary
>  private-vlan assoc 600,601
>
> int Te1/1
>  switchport mode trunk
>  switchport trunk allowed vlan 600,601
>
> int Vl60
>  ip address ...
>  private-vlan mapping ... 600,601
>  ip local-proxy-arp
>
>
> Cheers,
> Phil
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/