
Private vlan on Cisco 3750E with router not pvlan-aware


    Posted Mar 03, 2013 08:08 AM

    Hello

    I want to use private-vlan to block traffic between customers' public IP addresses.

    I have the DVSwitch private-vlan going OK, but I cannot communicate with the gateway.

    Primary vlan is 904, gateway is 10.200.104.1

    isolated vlan, 2904

    community vlan, 1904

    I have tested between VMs, and isolated VMs cannot communicate, and all VMs can communicate with a VM I put on primary vlan. All is good.

    I cannot communicate with the gateway. This is a Fortigate 100D on trunk-port gig 2/0/24 on the 3750E-stack.

    I created an SVI on the 3750E, and I could ping that AFTER adding private-vlan mapping

    ---

    interface Vlan904
     ip address 10.200.104.10 255.255.255.0
     private-vlan mapping 1904,2904

    ---

    How can the VMs communicate with the Fortigate?

    ---

    interface GigabitEthernet2/0/24
     description int1_fortigate
     switchport trunk encapsulation dot1q
     switchport mode trunk

    ---

    3750E does not support "switchport mode trunk promiscuous".

    How can I solve this?