I am currently managing an existing network with 3 vlans. We have about 25 nodes.
I need to create a private vlan with the following requirements:
- None of the devices on the private vlan will need access to the internet.
- The devices should only be able to talk to themselves. No other devices in any other vlan should be able to communicate with the private devices and vice versa.
- This needs to be done using existing ports/fiber connections.
What I've done so far:
- Created the private vlans on one of the switches. I created vlan 68 with the following config: private-vlan primary | private-vlan association 69.
- Created the isolated private vlan 69 with the following config: private-vlan isolated
- Configured one port with the following config: switchport private-vlan host-association 68 69 | switchport mode private-vlan host
My questions:
How do I set up the uplink port so that it works with our current vlans and the private-vlans? I've already done the following:
- switchport trunk allowed vlan #,#,#
- switchport private-vlan association mapping 68 69
- switchport private-vlan mapping 68 69
When I try to do the following command (switchport mode private-vlan promiscuous) I lose connection to the switch. The log says that there is a Native vlan mismatch.
I cannot find any workable commands that specifies the native vlan for that port. Our primary vlan on our network for all machines is 3, but on each port the native vlan is 1.
When I do a show interface *** switchport it says the native vlan is 1 just like the other ports.
What am I missing here?
No comments:
Post a Comment