Gary,
You'll need one port configured as promiscuous to forward traffic beyond your isolated / community ports. Can you change your PIX port to an access port, configure it as promiscuous and then trunk another interface on the PIX (assuming you want to use dot1q interfaces on the PIX)?
-ryan
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Gary Braver
Sent: Thursday, April 30, 2009 11:24 AM
To: ccielab_at_groupstudy.com
Subject: Private VLANS without promiscuous port
Experts,
Been reading / testing private vlans and am stumped on how to make them work when
there are no promiscuous ports.
Setup is that I have a 3560 switch in transparent mode and it has a trunk
connection to a pix firewall. The firewall is the default gateway for the
primary vlan so there are no promiscuous ports on the switch.
Is this possible?
Received on Thu Apr 30 2009 - 11:40:21 ART