Promiscuous Pvlan Trunk Ports - Cisco Catalyst 4500 Series Software Configuration Manual
Cisco ios xe release 3.9.xe and cisco ios release 15.2(5)ex
Hide thumbs
Also See for Catalyst 4500 Series:
- Administration manual (1814 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 47
Configuring Private VLANs
Traffic in the upstream direction is sent by host1 to the non-PVLAN switch, arriving in VLAN 11. The
packets are then transmitted to the switch tagged with that VLAN's tag (VLAN 11) over the trunk port.
On the switch, VLAN 11 is configured as the isolated VLAN, and the traffic is forwarded as if it came
from an isolated host port.
When an isolated trunk is used in this way, Catalyst 4500 series switch provides isolation between the
Note
isolated trunk and directly connected hosts (such as host3) but not between hosts connected to the
non-PVLAN switch (such as host1 and host2). The non-PVLAN switch must provide isolation between
these hosts, using a feature such as protected ports on a Catalyst 2950.
For details on protected ports, see the URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/configur
ation/guide/swtrafc.html#wp1158863
Promiscuous PVLAN Trunk Ports
PVLAN promiscuous trunks are used in situations where one would normally use a PVLAN
promiscuous host port but where it is necessary to carry multiple VLANs, either normal VLANs or for
multiple PVLAN domains. This makes it useful for connecting an upstream router that does not support
PVLANs, such as a Cisco 7200.
Figure 47-4
Primary VLAN
Isolated VLAN
Community VLAN = VLAN12
In
Figure
not support PVLANs. Traffic being sent upstream by host1 arrives on the switch in the community
VLAN (VLAN 12). When this traffic is bridged onto the promiscuous PVLAN trunk towards the router,
it is tagged with the primary VLAN (VLAN 10). This way it can be routed using the correct subinterface
configured on the router.
Traffic in the downstream direction is received on the promiscuous PVLAN trunk port by the switch in
the primary VLAN (VLAN 10), just as if it had been received on a promiscuous host port. It can then be
bridged to the destination host as in any PVLAN domain.
PVLAN promiscuous trunks interact with VLAN QoS. Refer to the section
ACL/QoS" section on page
Promiscuous PVLAN Trunk Ports
= VLAN10
= VLAN11
Community
port, VLAN12
47-4, a Catalyst 4500 series switch connects a PVLAN domain to an upstream router that does
47-8.
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Catalyst
7200 router
Catalyst
4500 switch
Isolated
port, VLAN11
About Private VLANs
"PVLANs and VLAN
47-7
Advertisement
Chapters
Table of Contents
Troubleshooting
