Isolated Pvlan Trunk Ports - Cisco Catalyst 4500 series Administration Manual

About Private VLANs
Because VTP does not support PVLANs, you must manually configure PVLANs on all switches in the
Layer 2 network. If you do not configure the primary and secondary VLAN association in some switches
in the network, the Layer 2 databases in these switches are not merged. This can result in unnecessary
flooding of private-VLAN traffic on those switches.
PVLANs are supported in VTP v3 under server mode.
Note

Isolated PVLAN Trunk Ports

You would use a isolated PVLAN trunk ports when you would anticipate using PVLAN isolated host
ports to carry multiple VLANs, either normal VLANs or for multiple PVLAN domains. This makes it
useful for connecting a downstream switch that does not support PVLANs such as Catalyst 2950.
Figure 44-3
Primary VLAN
Isolated VLAN
In this illustration, a Catalyst 4500 switch is being used to connect a downstream switch that does not
support PVLANs.
Traffic being sent in the downstream direction towards host1 from the router is received by the
Catalyst 4500 series switch on the promiscuous port and in the primary VLAN (VLAN 10). The packets
are then switched out of the isolated PVLAN trunk. Rather that being tagged with the primary VLAN
(VLAN 10), they are transmitted with the isolated VLAN's tag (VLAN 11). In this way, when the packets
arrive on the non-PVLAN switch, they can be bridged to the destination hosts' access port.
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
44-6
Isolated PVLAN Trunk Ports
Catalyst 7200
router
= VLAN10
= VLAN11
Isolated port
Chapter 44
Catalyst
4500 switch
Isolated PVLAN
trunk port
Non-PVLAN
switch (2950)
Access ports
on VLAN11
Configuring Private VLANs
OL_28731-01