From: Alex Steer (alex.steer@eison.co.uk)
Date: Fri Oct 19 2007 - 15:41:47 ART
Hi,
I'm playing with private-vlans. I already know this topic really
well.... Hense why I have spent an hour trying to get it to work and not
succeeded (maybe I don't know it as well as I thought from abit of
reading!).
Anyway, my problem is. Although all routers connected to the various
ports and ping each other (or not) as expected. The SVIs on the 2
switches can't communicate with any community or isolated ports. I have
followed the instructions from the docCD but I'm still not having much
look.
Can anyone spot my mistake please?
Many thanks
Switch1#show run
vlan 101
private-vlan community
vlan 102
private-vlan community
vlan 103
private-vlan isolated
!
vlan 2000
private-vlan primary
private-vlan association 101-103
!
interface FastEthernet0/1
switchport private-vlan host-association 2000 103
switchport mode private-vlan host
!
interface FastEthernet0/3
switchport private-vlan host-association 2000 101
switchport mode private-vlan host
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan2000
ip address 192.10.1.7 255.255.255.0
private-vlan mapping 101-103
Switch1#show interface private-vlan mapping
Interface Secondary VLAN Type
--------- -------------- -----------------
vlan2000 101 community
vlan2000 102 community
vlan2000 103 isolated
Switch1#show ip int brie
Interface IP-Address OK? Method Status
Protocol
Vlan1 unassigned YES unset up
up
Vlan2000 192.10.1.7 YES manual up
up
Switch1#show vlan priv
Primary Secondary Type Ports
------- --------- -----------------
------------------------------------------
2000 101 community Fa0/3
2000 102 community
2000 103 isolated Fa0/1
Switch2#sh run
vlan 101
private-vlan community
vlan 102
private-vlan community
vlan 103
private-vlan isolated
vlan 2000
private-vlan primary
private-vlan association 101-103
!
interface FastEthernet0/1
switchport private-vlan mapping 2000 101-103
switchport mode private-vlan promiscuous
spanning-tree portfast
!
interface FastEthernet0/2
switchport private-vlan host-association 2000 103
switchport mode private-vlan host
spanning-tree portfast
!
interface FastEthernet0/6
switchport private-vlan host-association 2000 101
switchport mode private-vlan host
spanning-tree portfast
!
interface Vlan2000
ip address 192.10.1.8 255.255.255.0
private-vlan mapping 101-103
!
Switch2#ping 192.10.1.254 (promiscuous port, switch1, port2)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms
Switch2#ping 192.10.1.7 (switch 1 SVI)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.1.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Switch2#ping 192.10.1.6 (port6, community port)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.1.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Router6#ping 192.10.1.3 (port 3 on switch1)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Router6#ping 192.10.1.254 (port1 on switch2 , community port)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Router6#ping 192.10.1.8 (SVI switch2)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.1.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:17 ART