From: Adhu Ajit (adhu_ajit@yahoo.com)
Date: Tue Oct 31 2006 - 14:52:24 ART
Petr, you are right. All the VLANs are actually part of the same subnet and same primary VLAN. What was I thinking when I wrote my first email ??!!
So the router port will just behave as a regular ehthernet interface without any trunks terminating on it. The promiscous switch port will just be an access port on the primary VLAN.
Thanks for the clarification.
Petr Lapukhov <petr@internetworkexpert.com> wrote:
No, you just configure router link as an "access" link in VLAN 100 (primary).
You don't need any subinterfaces, and no tagged frames should reach the
router.
Remember, all nodes share *same* subnet, and *same* primary VLAN
in essense. It's just level 2 that makes difference, though this is transparent
to end devices (in sense they don't see "additional" VLANs)
interface fa x/y
description == Link to router
switchport mode private-vlan promisc
switchport private-vlan mapping 100 add 10 , 20 , 30
You only need trunks to transport private VLANs between switches.
HTH
2006/10/31, Adhu Ajit <adhu_ajit@yahoo.com>: Folks, let's say that VLANs 10 and 30 are community VLANs and VLAN 20 is a isolated VLAN. They all use VLAN 100 as the main VLAN to reach the router. (In other words, the promisicuous port on the switch is part of VLAN 100 and VLANs 10, 20 and 30 are mapped to 100)
When I configure the dot1q trunk interface on the router, I'm assuming that I would create one sub-interface each for VLAN 10, 20, 30 and 100.
Any caveats/gotchas that I should know about ?
Thanks in advance.
---------------------------------
Everyone is raving about the all-new Yahoo! Mail.
This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:07 ART