I'm trying to grasp the private VLAN configuration on Juniper EX switches.
As I understand it right now:
- Access ports in the primary VLAN (VLAN with `no-local-switching` configured) are implicitly isolated ports
- Trunk ports in the primary VLAN with `pvlan-trunk` set are PVLAN trunk interfaces
- All other trunk ports in the primary VLAN are promiscuous ports
Is there any way to configure a trunk port to be an isolated port in a PVLAN?
Background: A host has a NIC with multiple VLANs configured. On the switch this is a trunk port accordingly. I want the switchport to be an isolated port in the private VLAN.
Best Answer
Unfortunately not. This is a frustrating limitation of the way Juniper have implemented Isolated ports and Promiscuous ports in PVLANs - it essentially boils down to if the interface is in access mode, it's an Isolated port, but if it's tagged, it's a Promiscuous port.
This https://mellowd.co.uk/ccie/?p=5387 is worth a read if you haven't seen it already - goes into a bit more detail than the Juniper Support documentation examples.
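The following is an added example, not part of the original thread: a small audit script that applies the role rules described in the question and answer to `set`-style configuration lines, and reports tagged ports that end up promiscuous when they were not meant to be uplinks. The sample configuration, VLAN and port names, and function names are constructed for illustration, and the script assumes a port with no explicit `port-mode` is an access port.

```python
# Constructed sample in legacy EX "set" syntax; VLAN and port names are made up.
SAMPLE = """\
set vlans pvlan100 vlan-id 100
set vlans pvlan100 no-local-switching
set vlans pvlan100 interface ge-0/0/1.0
set vlans pvlan100 interface ge-0/0/2.0
set vlans pvlan100 interface ge-0/0/10.0 pvlan-trunk
set vlans pvlan100 interface ge-0/0/11.0
set vlans servers vlan-id 200
set vlans servers interface ge-0/0/20.0
set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/11 unit 0 family ethernet-switching port-mode trunk
"""

def pvlan_port_roles(config):
    """Map each member port of a primary VLAN to its implied PVLAN role."""
    primaries, members, pvlan_trunks, trunk_ports = set(), {}, set(), set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["set", "vlans"] and len(tok) >= 4:
            vlan = tok[2]
            if tok[3] == "no-local-switching":      # marks the primary VLAN
                primaries.add(vlan)
            elif tok[3] == "interface" and len(tok) >= 5:
                members.setdefault(vlan, []).append(tok[4])
                if "pvlan-trunk" in tok[5:]:
                    pvlan_trunks.add((vlan, tok[4]))
        elif (tok[:2] == ["set", "interfaces"] and len(tok) >= 5
              and tok[3] == "unit" and tok[-2:] == ["port-mode", "trunk"]):
            trunk_ports.add(f"{tok[2]}.{tok[4]}")   # ge-0/0/10 unit 0 -> ge-0/0/10.0
    roles = {}
    for vlan in primaries:
        for port in members.get(vlan, []):
            if (vlan, port) in pvlan_trunks:
                roles[port] = "pvlan-trunk"
            elif port in trunk_ports:
                roles[port] = "promiscuous"         # tagged, so not isolated
            else:
                roles[port] = "isolated"            # access mode (assumed default)
    return roles

def unintended_promiscuous(config, intended_uplinks):
    """Tagged PVLAN ports that are promiscuous but not listed as uplinks."""
    roles = pvlan_port_roles(config)
    return sorted(p for p, r in roles.items()
                  if r == "promiscuous" and p not in intended_uplinks)
```

With an empty set of intended uplinks, the host-facing tagged port `ge-0/0/11.0` in the sample is reported, which is the situation the question describes.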