Switch – way to pass VLAN tagged frames through managed switch

networking, switch, vlan

I currently have a managed switch (DGS-3120-24SC) configured for private VLANs (secondary and primary port groups). Secondary ports are isolated from each other and forwarding is not possible between them. However, they can communicate with all primary ports (uplinks). What I'd like to do is to transparently pass VLAN tagged packets between devices connected to primary and secondary ports.

I do have some servers connected to primary ports that need to reach devices behind secondary ports using different VLANs and tagging/untagging them at intermediary switches is not a convenient option for me.

It would seem that VLAN Trunking is what I basically need, but unfortunately it doesn't work together with Private VLAN setup (isolated secondary + promiscuous ports).

Is it technically possible to have a working setup that I described above?

The switch supports many features, including Q-in-Q tagging, trunking, etc.

Best Answer

I accidentally got into this page again, so I decided to answer my own question. I've found a solution that has worked for quite some time now: the wanted functionality is achieved by using the Traffic segmentation and VLAN trunking features of the switch. Traffic segmentation lets you allow or deny traffic forwarding between ports (in any configuration), and VLAN trunking allows tagged packets to pass through the switch untouched. These functions can be configured quite flexibly, because you can control individual ports.
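Because this setup replaces private VLANs with hand-maintained per-port forward lists, the isolation is only as good as those lists. The following added example (not part of the original answer, and not D-Link code) models traffic segmentation as a table of "ingress port -> ports it may forward to" and audits it for private-VLAN-style isolation. The port numbers, roles and the model itself are assumptions made for illustration; VLAN trunking is not modeled because forward lists apply regardless of tag.

```python
# Added example: audit a traffic-segmentation forward-list table.
# Assumed model: a frame received on port P may only leave via ports in table[P].
# Port numbers and roles are constructed, not taken from the post.

def build_forward_lists(uplinks, isolated):
    """Forward lists that emulate promiscuous uplinks plus isolated ports."""
    uplinks, isolated = set(uplinks), set(isolated)
    table = {}
    for p in uplinks:
        table[p] = (uplinks | isolated) - {p}  # uplinks reach every other port
    for p in isolated:
        table[p] = set(uplinks)                # isolated ports reach uplinks only
    return table

def audit(table, uplinks, isolated):
    """Return sorted findings; an empty list means the isolation policy holds."""
    uplinks, isolated = set(uplinks), set(isolated)
    findings = []
    for src in isolated:
        allowed = table.get(src, set())
        # Isolated port allowed to forward to another isolated port.
        for dst in allowed & (isolated - {src}):
            findings.append(("leak", src, dst))
        # Isolated port that cannot reach an uplink.
        for up in uplinks - allowed:
            findings.append(("no_uplink", src, up))
    for up in uplinks:
        # Uplink with no return path to an isolated port (one-way traffic).
        for dst in isolated - table.get(up, set()):
            findings.append(("one_way", up, dst))
    # Ports configured on the switch but not assigned a role in the policy.
    for p in set(table) - uplinks - isolated:
        findings.append(("unclassified", p, p))
    return sorted(findings)

UPLINKS = {21, 22, 23, 24}      # constructed: servers / uplinks
ISOLATED = set(range(1, 21))    # constructed: customer-facing ports

GOOD = build_forward_lists(UPLINKS, ISOLATED)

# Constructed misconfiguration: port 3 may reach port 4, uplink 21 lost port 7.
BAD = {p: set(v) for p, v in GOOD.items()}
BAD[3].add(4)
BAD[21].discard(7)

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(table, UPLINKS, ISOLATED) or "policy holds")
```

To use it against a real switch, fill the table from the forward lists the switch reports and rerun the audit after every port change.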
