Hello,

It's posible deploy private vlan in VDS with UCS in end-host mode and promiscuous port in uolink switch?. I need deply a isolated private-vlan for vitual machines with the default gateway in a firewall conected to nexus 5600.

My configuration is

- N5K

vlan 425

   private-vlan primary

   private-vlan association 429

  vlan 429

     private-vlan isolated

int port-channel 14 (to firewall)

  switchport mode private-vlan trunk promiscuous

  switchport private-vlan trunk allowed vlan 428-429

  switchport private-vlan mapping trunk 428 429

int port-channel 40-41 (to Fabric Interconect A and B)

switchport mode trunk

switchport trunk allowed vlan 428-429

UCS (no private-vlan configuration)

  vlan 428

  vlan 429

VDS

  vlan 428 promiscuous

  vlan 429 isolated

  port-group 428 primary (428, 428)

  port-group 429 to virtual machines in isolated (428, 429)

If i put the virtual machienes in port-group 429 i can´t ping to other VM (it's ok) but either to Default gateway. If put the VM in port-group 428 i can ping other VM and default gateway.. Everything points to the fact that the secondary private-vlan information is not being transported to the n5k.

Any idea what i'm doing wrong?.

Regards.