6

I'm trying to grasp the private VLAN configuration on Juniper EX switches.

As I understand it right now:

  • Access ports in the primary VLAN (VLAN with no-local-switching configured) are implicitly isolated ports
  • Trunk ports in the primary VLAN with pvlan-trunk set are PVLAN trunk interfaces
  • All other trunk ports in the primary VLAN are promiscuous ports

Is there any way to configure a trunk port to be an isolated port in a PVLAN?

Background: A host has a NIC with multiple VLANs configured. On the switch this is a trunk port accordingly. I want the switchport to be an isolated port in the private VLAN.

Sebastian Wiesinger

1 Answer

5

Unfortunately not. This is a frustrating limitation of the way Juniper have implemented Isolated ports and Promiscuous ports in PVLANs - it essentially boils down to if the interface is in access mode, it's an Isolated port, but if it's tagged, it's a Promiscuous port.

This https://mellowd.co.uk/ccie/?p=5387 is worth a read if you haven't seen it already - goes into a bit more detail than the Juniper Support documentation examples.

Benjamin Dale