I understand the concept of PVLANs. All the guides I have been reading assume a simple topology with many hosts on a switch and a single router (default gateway). The router's port is designated as promisc and the hosts are configured as isolated.

I have not seen any guides using an L3 switch. Assume the config is such that the default gateway is the switch itself (the VLAN L3 interface). Does the VLAN interface itself have to be configured as promisc in this case?

For example:

VLAN 10 = Primary VLAN

VLAN 11 = Isolated VLAN

Would the default gateway's IP be put on VLAN 10 or VLAN 11? Would the VLAN 10 or 11 interface be set as promisc?

user974896

1 Answer


From: http://blog.ine.com/2008/07/14/private-vlans-revisited/

If you need to configure an SVI on a switch to communicate with private VLAN members, you should add an interface corresponding to Primary VLAN only. Obviously that’s because all secondary VLANs are “subordinates” of primary. After an SVI has been created, you have to map the required secondary VLANs to the SVI (just like with a promiscuous port) in order to make communications possible. You may exclude some mappings from SVI interface, and limit it to communicating only with certain secondary VLANs.

(Code sample adapted to your question - assuming gateway of 10.0.0.7)

SW1:
!
! SW1 SVI of Primary VLAN is mapped to all secondary VLANs
!
interface Vlan 10
 ip address 10.0.0.7 255.255.255.0
 private-vlan mapping 11
Jason Seemann
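
The SVI mapping above only takes effect once the primary/isolated VLAN pair and the host ports are defined. An end-to-end configuration for the VLAN 10 / VLAN 11 layout in the question follows, as an added example that is not part of the original answer; Catalyst IOS syntax, the host port name GigabitEthernet0/1 and VTP version 1 or 2 are assumptions.

```cisco
! Added example: constructed configuration, not from the original answer.
! Assumed: Catalyst IOS syntax, host port GigabitEthernet0/1, VTP v1/v2.
!
! With VTP v1/v2 the switch must be in transparent mode to carry private VLANs
vtp mode transparent
!
! Secondary VLAN: ports in it cannot exchange Layer 2 frames with each other
vlan 11
 private-vlan isolated
!
! Primary VLAN, with the isolated VLAN associated to it
vlan 10
 private-vlan primary
 private-vlan association 11
!
! Host port: member of primary 10 through isolated secondary 11
interface GigabitEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 10 11
!
! Gateway SVI exists on the primary VLAN only; there is no "interface Vlan11".
! The mapping plays the role a promiscuous port plays in the single-router design.
interface Vlan10
 ip address 10.0.0.7 255.255.255.0
 private-vlan mapping 11
!
! Verification (exec mode):
!   show vlan private-vlan
!   show interfaces private-vlan mapping
```

The isolation this gives is Layer 2 only: two isolated hosts can still reach each other if the SVI routes their packets back into the VLAN, so an ACL on Vlan10 is needed where host-to-host traffic through the gateway must also be blocked.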