I'm trying to grasp the private VLAN configuration on Juniper EX switches.

As I understand it right now:

  • Access ports in the primary VLAN (VLAN with no-local-switching configured) are implicitly isolated ports
  • Trunk ports in the primary VLAN with pvlan-trunk set are PVLAN trunk interfaces
  • All other trunk ports in the primary VLAN are promiscuous ports

Is there any way to configure a trunk port to be an isolated port in a PVLAN?

Background: A host has a NIC with multiple VLANs configured. On the switch this is a trunk port accordingly. I want the switchport to be an isolated port in the private VLAN.

Sebastian Wiesinger
  • What OS is the host? I could assume ESXi/vSphere? Have you also reviewed this: http://www.juniper.net/techpubs/en_US/junos10.4/topics/concept/private-vlans-ex-series.html ? – nzspambot Aug 04 '14 at 00:33
  • I have reviewed private VLANs, I'm actually using them. ;) The host is a normal host, no virtualisation or anything. But that wouldn't make a difference anyway. The host (OS) has no influence over PVLANs. – Sebastian Wiesinger Aug 04 '14 at 11:40

1 Answer

Unfortunately not. This is a frustrating limitation of the way Juniper have implemented Isolated ports and Promiscuous ports in PVLANs - it essentially boils down to if the interface is in access mode, it's an Isolated port, but if it's tagged, it's a Promiscuous port.

This https://mellowd.co.uk/ccie/?p=5387 is worth a read if you haven't seen it already - goes into a bit more detail than the Juniper Support documentation examples.

Benjamin Dale
  • the link seems broken, perhaps this is the right page: https://web.archive.org/web/20140919200350/https://mellowd.co.uk/ccie/?p=5387 (Though I think the configuration syntax may have changed too) – ilkkachu Nov 29 '22 at 17:28
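
The role rules discussed in this thread, as an added example that is not part of the original question or answer: a small audit that derives each port's PVLAN role from set-style configuration and reports host ports that were meant to be isolated but end up with another role. It assumes the legacy (non-ELS) EX syntax; the VLAN names, interface names and function names are made up for illustration, and community VLANs are not handled.

```python
# Constructed sample config (legacy non-ELS EX "set" syntax assumed; names are made up).
SAMPLE = """\
set vlans pvlan vlan-id 100
set vlans pvlan no-local-switching
set vlans pvlan interface ge-0/0/1.0
set vlans pvlan interface ge-0/0/3.0 pvlan-trunk
set vlans users interface ge-0/0/4.0
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members pvlan
set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode trunk
"""


def pvlan_port_roles(config):
    """Map each port of a primary VLAN to the role described in the thread."""
    primaries, members, pvlan_trunks, modes = set(), set(), set(), {}
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["set", "vlans"] and t[3:] == ["no-local-switching"]:
            primaries.add(t[2])
        elif t[:2] == ["set", "vlans"] and t[3:4] == ["interface"] and len(t) > 4:
            key = (t[2], t[4].split(".")[0])  # drop the logical unit (".0")
            members.add(key)
            if "pvlan-trunk" in t[5:]:
                pvlan_trunks.add(key)
        elif t[:2] == ["set", "interfaces"] and t[-2:-1] == ["port-mode"]:
            modes[t[2]] = t[-1]
        elif t[:2] == ["set", "interfaces"] and t[-3:-1] == ["vlan", "members"]:
            members.add((t[-1], t[2]))
    roles = {}
    for vlan, port in sorted(members):
        if vlan not in primaries:
            continue  # ordinary VLAN, no PVLAN role
        if modes.get(port, "access") == "access":  # assumption: access is the default
            roles[port] = "isolated"
        elif (vlan, port) in pvlan_trunks:
            roles[port] = "pvlan-trunk"
        else:
            roles[port] = "promiscuous"  # tagged port without pvlan-trunk
    return roles


def not_isolated(config, expected_isolated):
    """Ports the operator expects to be isolated but which get another role."""
    roles = pvlan_port_roles(config)
    return {p: roles.get(p, "not in a primary VLAN")
            for p in expected_isolated if roles.get(p) != "isolated"}
```

Calling `not_isolated(SAMPLE, ["ge-0/0/1", "ge-0/0/2"])` reports `ge-0/0/2`, the tagged host port from the question, as promiscuous.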