asp24
Enthusiast

Private vlan on Cisco 3750E with router not pvlan-aware

Hello

I want to use private-vlan to block traffic between customers' public IP addresses.

I have the DVSwitch private-vlan going OK, but I cannot communicate with the gateway.

Primary vlan is 904, gateway is 10.200.104.1

isolated vlan, 2904

community vlan, 1904

I have tested between VMs, and isolated VMs cannot communicate, and all VMs can communicate with a VM I put on primary vlan. All is good.

I cannot communicate with the gateway. This is a Fortigate 100D on trunk-port gig 2/0/24 on the 3750E-stack.

I created an SVI on the 3750E, and I could ping that AFTER adding private-vlan mapping.

---

interface Vlan904
 ip address 10.200.104.10 255.255.255.0
 private-vlan mapping 1904,2904

---

How can the VMs communicate with the Fortigate?

---

interface GigabitEthernet2/0/24
 description int1_fortigate
 switchport trunk encapsulation dot1q
 switchport mode trunk

---

3750E does not support "switchport mode trunk promiscuous".

How can I solve this?
