You just need the primary vlan on the Catalyst 6500; basically the 6500 is not aware of the private vlans' existence. Then private vlans on the access switch.
The following is one of my old posts.

The promisc port has to be an access port. So you need a loopback cable on your access switch with two vlan numbers for your primary vlan. For example vlan 140 and vlan 141: your link to distribution will still be vlan 140, other vlans trunk, but one end of the loopback cable would be access vlan 140, and the other end of the loopback cable will be access vlan 141. You can then set vlan 141 to be your primary vlan, and the end with access vlan 141 to be the promisc port.

So you have to use a loopback cable and two ports. Foundry/Brocade is the same way too.

Schilling

On Tue, Apr 19, 2011 at 9:38 AM, Phil Mayers <p.may...@imperial.ac.uk> wrote:
> All,
>
> We've got a pair of Cisco 6500/sup720 serving as our datacentre collapsed
> routing/distribution.
>
> Servers are attached to downstream Foundry/Brocade devices, and possibly
> other dumb/cheap devices in future.
>
> Can I use private VLANs in this case to isolate customers and avoid burning
> 5 IPs (network, broadcast, HSRP master, slave & vip) per-customer? I do
> *not* want to stop customers talking to each other at layer3 - just get some
> degree of isolation (including the "sticky arp").
>
> I think I can't, because 12.2(33)SXI seems to lack "switchport mode
> private-vlan trunk". Is this correct?
>
> What I want to do is:
>
> vlan 600
>  name customer-1
>  private-vlan community
> vlan 601
>  name customer-2
>  private-vlan community
> vlan 60
>  name all-customers
>  private-vlan primary
>  private-vlan assoc 600,601
>
> int Te1/1
>  switchport mode trunk
>  switchport trunk allowed vlan 600,601
>
> int Vl60
>  ip address ...
>  private-vlan mapping ... 600,601
>  ip local-proxy-arp
>
>
> Cheers,
> Phil
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
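
The loopback-cable arrangement described in the reply above, sketched as Cisco IOS configuration for the access switch. This is an added example, not configuration from either poster: it assumes a Catalyst access switch that supports private VLANs, the interface numbers and the name given to VLAN 140 are hypothetical, VLANs 140/141 come from the reply, and community VLANs 600/601 come from the quoted question.

```cisco
! Added example. Interface numbers are hypothetical.
! Private VLANs require VTP transparent mode under VTP v1/v2.
vtp mode transparent
!
! Ordinary VLAN seen by the 6500; it knows nothing about the PVLANs.
vlan 140
 name to-distribution
!
! Community VLANs, one per customer (numbers from the quoted question).
vlan 600
 name customer-1
 private-vlan community
vlan 601
 name customer-2
 private-vlan community
!
! Primary VLAN exists only on the access switch.
vlan 141
 name all-customers
 private-vlan primary
 private-vlan association 600,601
!
! Uplink to distribution: plain trunk carrying VLAN 140
! (add any other VLANs the uplink carries to the allowed list).
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 140
!
! Loopback cable, end A: ordinary access port in VLAN 140.
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 140
!
! Loopback cable, end B: promiscuous port for primary VLAN 141.
interface GigabitEthernet0/2
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 141 600,601
!
! Customer-facing host ports, one community each.
interface GigabitEthernet0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 141 600
interface GigabitEthernet0/4
 switchport mode private-vlan host
 switchport private-vlan host-association 141 601
```

After cabling GigabitEthernet0/1 to GigabitEthernet0/2, `show vlan private-vlan` and `show interfaces GigabitEthernet0/2 switchport` confirm the association and the promiscuous mapping.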