[c-nsp] PVLAN Question

schilling schilling2006 at gmail.com
Tue Jan 11 20:32:25 EST 2011


The promisc port has to be an access port. So you need a loopback cable on
your access switch with two vlan numbers for your primary vlan. For
example vlan 140 and vlan 141, then your link to distribution will
still be vlan 140, 252 trunk, but one end of loopback cable would be
access vlan 140, the other end of the loopback cable will be access
vlan 141. You can then set vlan 141 to be your primary vlan, and the
end with access vlan 141 to be promisc port. So you have to use a
loopback cable and two ports. Foundry/Brocade is the same way too.

Schilling

On Tue, Jan 11, 2011 at 7:57 PM, Sam Evans <wintrmte at gmail.com> wrote:
> All,
>
> I am trying to do a PVLAN implementation on one switch in a distribution /
> access switch environment.  Ideally, I'd like to just be able to use the
> 'isolated' command but we have a few devices that will need to talk to port
> neighbors, so the PVLAN community would work well.
>
> My challenge here is that the uplink port on the access switch is an 802.1q
> trunk to the distribution.  In reading the documentation and not really
> fully understanding pvlans, if I set the uplink port to a promisc port I
> lose connectivity to the distribution switch.
>
> My config looks something like this (access switch):
>
> vlan 101
>  private-vlan isolated
> !
> vlan 102
>  private-vlan community
> !
> vlan 140
>  private-vlan primary
>  private-vlan association 101-102
> !
> vlan 252
>  name mgmt-net
>
> interface Vlan252
>  ip address 10.0.0.200 255.255.255.0
>  no ip route-cache
>  no ip mroute-cache
>
> interface GigabitEthernet0/4
>  description Uplink to distribution switch
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 140,252
>  switchport mode trunk
>  no logging event link-status
>  no snmp trap link-status
>  spanning-tree guard loop
> !
>
> Configuration for distribution switch:
>
> interface GigabitEthernet0/9
>  description Trunk port to PVLAN switch
>  switchport trunk allowed vlan 140,252
>  switchport mode trunk
>  spanning-tree guard loop
>
> In the normal environment, vlan 140 works fine and servers can talk back to
> the gateway (just that they can also talk to each other on the access
> switch).
>
> Any suggestions?
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
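
The loopback arrangement described in the reply at the top of this message, written out as access-switch configuration. This is an added example, not part of either poster's message. The interface numbers (GigabitEthernet0/1, 0/2, 0/10, 0/11) and the descriptions are assumptions, and VLAN 140 is shown as an ordinary VLAN because the reply moves the primary role to VLAN 141.

```cisco
! Secondary VLANs, unchanged from the original post
vlan 101
 private-vlan isolated
!
vlan 102
 private-vlan community
!
! VLAN 140 is now a normal VLAN; it stays on the 140,252 trunk to distribution
vlan 140
!
! VLAN 141 takes over as the PVLAN primary (local to the access switch)
vlan 141
 private-vlan primary
 private-vlan association 101-102
!
! Loopback cable, end A: plain access port in VLAN 140 (port number assumed)
interface GigabitEthernet0/1
 description Loopback end A - access vlan 140
 switchport mode access
 switchport access vlan 140
!
! Loopback cable, end B: promiscuous port for primary VLAN 141 (port number assumed)
interface GigabitEthernet0/2
 description Loopback end B - PVLAN promiscuous
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 141 101-102
!
! Host that must not talk to any neighbor (port number assumed)
interface GigabitEthernet0/10
 description Isolated host
 switchport mode private-vlan host
 switchport private-vlan host-association 141 101
!
! Host that may talk to other community members (port number assumed)
interface GigabitEthernet0/11
 description Community host
 switchport mode private-vlan host
 switchport private-vlan host-association 141 102
!
! Checks after applying:
!   show vlan private-vlan
!   show interfaces GigabitEthernet0/2 switchport
```

In `show vlan private-vlan`, each host port should be listed against its secondary VLAN (101 or 102) under primary 141, with the promiscuous port listed for both.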


