[c-nsp] PVLAN Question

Sam Evans wintrmte at gmail.com
Wed Jan 12 15:11:01 EST 2011


Just wanted to take a moment and say thanks.  Your suggestion worked
beautifully.

Thank you again!

On Tue, Jan 11, 2011 at 6:32 PM, schilling <schilling2006 at gmail.com> wrote:

> Promisc port has to be an access port. So you need a loopback cable on
> your access switch with two vlan numbers for your primary vlan. For
> example vlan 140 and vlan 141, then your link to distribution will
> still be vlan 140, 252 trunk, but one end of loopback cable would be
> access vlan 140, the other end of the loopback cable will be access
> vlan 141. You can then set vlan 141 to be your primary vlan, and the
> end with access vlan 141 to be promisc port. So you have to use a
> loopback cable and two ports. Foundry/Brocade is the same way too.
>
> Schilling
>
> On Tue, Jan 11, 2011 at 7:57 PM, Sam Evans <wintrmte at gmail.com> wrote:
> > All,
> >
> > I am trying to do a PVLAN implementation on one switch in a
> > distribution / access switch environment.  Ideally, I'd like to just be
> > able to use the 'isolated' command but we have a few devices that will
> > need to talk to port neighbors, so the PVLAN community would work well.
> >
> > My challenge here is that the uplink port on the access switch is an
> > 802.1q trunk to the distribution.  In reading the documentation and not
> > really fully understanding pvlans, if I set the uplink port to a promisc
> > port I lose connectivity to the distribution switch.
> >
> > My config looks something like this (access switch):
> >
> > vlan 101
> >  private-vlan isolated
> > !
> > vlan 102
> >  private-vlan community
> > !
> > vlan 140
> >  private-vlan primary
> >  private-vlan association 101-102
> > !
> > vlan 252
> >  name mgmt-net
> >
> > interface Vlan252
> >  ip address 10.0.0.200 255.255.255.0
> >  no ip route-cache
> >  no ip mroute-cache
> >
> > interface GigabitEthernet0/4
> >  description Uplink to distribution switch
> >  switchport trunk encapsulation dot1q
> >  switchport trunk allowed vlan 140,252
> >  switchport mode trunk
> >  no logging event link-status
> >  no snmp trap link-status
> >  spanning-tree guard loop
> > !
> >
> > Configuration for distribution switch:
> >
> > interface GigabitEthernet0/9
> >  description Trunk port to PVLAN switch
> >  switchport trunk allowed vlan 140,252
> >  switchport mode trunk
> >  spanning-tree guard loop
> >
> > In the normal environment, vlan 140 works fine and servers can talk back
> > to the gateway (just that they can also talk to each other on the access
> > switch).
> >
> > Any suggestions?
>
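
The loopback-cable layout Schilling describes, written out as access-switch configuration. This is an added example, not part of the original thread: the VLAN numbers are the ones used above, while the loopback ports (Gi0/5, Gi0/6), the host ports (Gi0/10, Gi0/11) and the private-vlan port commands are assumptions based on standard Catalyst IOS syntax.

```cisco
! Secondary VLANs stay as in the original config
vlan 101
 private-vlan isolated
!
vlan 102
 private-vlan community
!
! VLAN 140 becomes an ordinary VLAN; it is still carried on the
! existing 802.1q uplink (allowed vlan 140,252), which is unchanged
vlan 140
 no private-vlan primary
 no private-vlan association
!
! VLAN 141 takes over as the primary VLAN, local to this switch
vlan 141
 private-vlan primary
 private-vlan association 101-102
!
! Loopback cable, end A (assumed port): plain access port in VLAN 140
interface GigabitEthernet0/5
 description Loopback end A - regular VLAN 140
 switchport access vlan 140
 switchport mode access
!
! Loopback cable, end B (assumed port): promiscuous port for primary 141
interface GigabitEthernet0/6
 description Loopback end B - PVLAN promiscuous
 switchport private-vlan mapping 141 101-102
 switchport mode private-vlan promiscuous
!
! Isolated host (assumed port): reaches only the promiscuous port
interface GigabitEthernet0/10
 description Isolated server
 switchport private-vlan host-association 141 101
 switchport mode private-vlan host
!
! Community host (assumed port): reaches other VLAN 102 hosts
! and the promiscuous port
interface GigabitEthernet0/11
 description Community server
 switchport private-vlan host-association 141 102
 switchport mode private-vlan host
```

`show vlan private-vlan` and `show interfaces GigabitEthernet0/6 switchport` confirm the primary/secondary association and the promiscuous mapping before hosts are moved onto the new ports.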

