02-22-2011 07:07 AM
I have a couple of FastIron FGS648 switches which are connected to a BigIron router. There are desktops and other devices connected to the switches and set up in different VLANs. All VLANs run through one 802.1q tagged link to the BigIron. This all works fine.
Now, I am trying to set up private VLANs on the FGS switches to isolate the desktops connected to the switches. Currently all desktops on one switch are in one VLAN. I want them to be isolated so that they can only talk to the router but not to each other. pvlans seem to be the way to go. However, there is one limitation: "You cannot configure isolated, community, or primary VLANs on 802.1Q tagged ports." (from the config guide).
This means I can set up the whole thing on a single switch but I am not able to get the private VLAN traffic and all those other VLANs on my switch through the 802.1q tagged link to the router. In other words: the link between the switch and the router must be untagged or I have to run two links one for the private VLAN and one for all other VLANs. Both options are no alternative for me.
Am I missing something here or is this really a restriction of private VLANs on the FastIrons?
02-22-2011 09:13 AM
From the 7.2 config guide.....
Configuring private VLANs
Brocade devices support private VLANs on both tagged and untagged ports. Tagged ports are
supported only on the FCX platform.