Private vlan on Cisco 3750E with router not pvlan-aware


I want to use private-vlan to block traffic between customers' public IP addresses.

I have the DVSwitch private-vlan going OK, but I cannot communicate with the gateway.

Primary vlan is 904, gateway is

isolated vlan, 2904

community vlan, 1904

I have tested between VMs, and isolated VMs cannot communicate, and all VMs can communicate with a VM I put on the primary vlan. All is good.

I cannot communicate with the gateway. This is a Fortigate 100D on trunk port gig 2/0/24 on the 3750E stack.

I created an SVI on the 3750E, and I could ping that AFTER adding private-vlan mapping:


interface Vlan904
 ip address
 private-vlan mapping 1904,2904


How can the VMs communicate with the Fortigate?


interface GigabitEthernet2/0/24
 description int1_fortigate
 switchport trunk encapsulation dot1q
 switchport mode trunk


The 3750E does not support "switchport mode trunk promiscuous".

How can I solve this?

