Yes it is possible.  Below is a reference URL for you.

http://tinyurl.com/nkgatp

Regards,

Tyson Scott

Yes it is possible.  Below is a reference URL for you.

http://tinyurl.com/nkgatp

Regards,

Tyson Scott

I have one question: is it possible to propagate PVLAN through a trunk port on a 3560G sw? I have 2 4948 configured with PVLAN and connected with eachother using a 3560G. I cannot find any command to configure the trunk port in the 3560G user guide. Any idea?

I have one question: is it possible to propagate PVLAN through a trunk port on a 3560G sw? I have 2 4948 configured with PVLAN and connected with eachother using a 3560G. I cannot find any command to configure the trunk port in the 3560G user guide. Any idea?

I guess it is important to understand the purpose of private vlan’s. The purpose is to seperate devices into private clusters to prevent communication from device to device. If you then allow communication from device to device you have then effectively overcome the security features of private vlan’s.

You can use proxy-arp to make it so the isolated devices can communicate with each other if it was necessary for something in the CCIE lab but it would not be a recommended security practice to ever do it in the real world in any situation that I can think of. You would have the communication occuring on a seperate private subnet.

So proxy-arp breaks the intentional design of private vlan’s. If you want to have devices communicate with each other then you need to put the devices on seperate VLAN’s. You are effictively doing such with proxy-arp in a non recommended design.

I guess it is important to understand the purpose of private vlan’s. The purpose is to seperate devices into private clusters to prevent communication from device to device. If you then allow communication from device to device you have then effectively overcome the security features of private vlan’s.

You can use proxy-arp to make it so the isolated devices can communicate with each other if it was necessary for something in the CCIE lab but it would not be a recommended security practice to ever do it in the real world in any situation that I can think of. You would have the communication occuring on a seperate private subnet.

So proxy-arp breaks the intentional design of private vlan’s. If you want to have devices communicate with each other then you need to put the devices on seperate VLAN’s. You are effictively doing such with proxy-arp in a non recommended design.

One more thing …

What the Cisco Documentation says that we can communicate between different secondary vlans through a layer 3 device attached to promiscuous port ..

Thus the devices must ping each other through the L3 Device .. in your topology they cannot … is it because you have not enabled local ip proxy arp.

One more thing …

What the Cisco Documentation says that we can communicate between different secondary vlans through a layer 3 device attached to promiscuous port ..

Thus the devices must ping each other through the L3 Device .. in your topology they cannot … is it because you have not enabled local ip proxy arp.