All, I am trying to do a PVLAN implementation on one switch in a distribution / access switch environment. Ideally, I'd like to just be able to use the 'isolated' command but we have a few devices that will need to talk to port neighbors, so the PVLAN community would work well.
My challenge here is that the uplink port on the access switch is an 802.1q trunk to the distribution. In reading the documentation and not really fully understanding PVLANs, if I set the uplink port to a promisc port I lose connectivity to the distribution switch.

My config looks something like this (access switch):

vlan 101
 private-vlan isolated
!
vlan 102
 private-vlan community
!
vlan 140
 private-vlan primary
 private-vlan association 101-102
!
vlan 252
 name mgmt-net
interface Vlan252
 ip address 10.0.0.200 255.255.255.0
 no ip route-cache
 no ip mroute-cache
interface GigabitEthernet0/4
 description Uplink to distribution switch
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 140,252
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 spanning-tree guard loop
!

Configuration for distribution switch:

interface GigabitEthernet0/9
 description Trunk port to PVLAN switch
 switchport trunk allowed vlan 140,252
 switchport mode trunk
 spanning-tree guard loop

In the normal environment, vlan 140 works fine and servers can talk back to the gateway (just that they can also talk to each other on the access switch).

Any suggestions?

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/