I want to use private-vlan to block traffic between customers' public IP addresses.
I have the DVSwitch private-vlan going OK, but I cannot communicate with the gateway.
Primary vlan is 904, gateway is 10.200.104.1
isolated vlan, 2904
community vlan, 1904
I have tested between VMs, and isolated VMs cannot communicate, and all VMs can communicate with a VM I put on primary vlan. All is good.
I cannot communicate with the gateway. This is a Fortigate 100D on trunk-port gig 2/0/24 on the 3750E-stack.
I created an SVI on the 3750E, and I could ping that AFTER adding private-vlan mapping:
interface Vlan904
 ip address 10.200.104.10 255.255.255.0
 private-vlan mapping 1904,2904
How can the VMs communicate with the Fortigate?
interface GigabitEthernet2/0/24
 description int1_fortigate
 switchport trunk encapsulation dot1q
 switchport mode trunk
3750E does not support "switchport mode trunk promiscuous".
How can I solve this?