Re: private-vlans, layer3 interface can't ping anything

From: Eagle (ddycus@gmail.com)
Date: Fri Oct 19 2007 - 19:46:36 ART

• Next message: John Jones: "Re: My Dynamips experience on Linux"
• Previous message: Brian Dennis: "RE: Lab Query"
• Maybe in reply to: Alex Steer: "private-vlans, layer3 interface can't ping anything"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Do you have any access ports set to use the vlans which have SVI IPs
assigned? If its not assigned to a port that is UP, it won't be reachable.

On 10/19/07, Alex Steer <alex.steer@eison.co.uk> wrote:
>
> Hi,
>
>
>
> I'm playing with private-vlans. I already know this topic really
> well.... Hense why I have spent an hour trying to get it to work and not
> succeeded (maybe I don't know it as well as I thought from abit of
> reading!).
>
>
>
> Anyway, my problem is. Although all routers connected to the various
> ports and ping each other (or not) as expected. The SVIs on the 2
> switches can't communicate with any community or isolated ports. I have
> followed the instructions from the docCD but I'm still not having much
> look.
>
>
>
> Can anyone spot my mistake please?
>
>
>
> Many thanks
>
>
>
> Switch1#show run
>
>
>
> vlan 101
>
> private-vlan community
>
> vlan 102
>
> private-vlan community
>
> vlan 103
>
> private-vlan isolated
>
> !
>
> vlan 2000
>
> private-vlan primary
>
> private-vlan association 101-103
>
> !
>
> interface FastEthernet0/1
>
> switchport private-vlan host-association 2000 103
>
> switchport mode private-vlan host
>
> !
>
> interface FastEthernet0/3
>
> switchport private-vlan host-association 2000 101
>
> switchport mode private-vlan host
>
> spanning-tree portfast
>
> !
>
> interface GigabitEthernet0/1
>
> switchport trunk encapsulation dot1q
>
> switchport mode trunk
>
> !
>
> interface Vlan2000
>
> ip address 192.10.1.7 255.255.255.0
>
> private-vlan mapping 101-103
>
>
>
> Switch1#show interface private-vlan mapping
>
> Interface Secondary VLAN Type
>
> --------- -------------- -----------------
>
> vlan2000 101 community
>
> vlan2000 102 community
>
> vlan2000 103 isolated
>
>
>
> Switch1#show ip int brie
>
> Interface IP-Address OK? Method Status
> Protocol
>
> Vlan1 unassigned YES unset up
> up
>
> Vlan2000 192.10.1.7 YES manual up
> up
>
>
>
> Switch1#show vlan priv
>
>
>
> Primary Secondary Type Ports
>
> ------- --------- -----------------
> ------------------------------------------
>
> 2000 101 community Fa0/3
>
> 2000 102 community
>
> 2000 103 isolated Fa0/1
>
>
>
>
>
> Switch2#sh run
>
>
>
> vlan 101
>
> private-vlan community
>
> vlan 102
>
> private-vlan community
>
> vlan 103
>
> private-vlan isolated
>
> vlan 2000
>
> private-vlan primary
>
> private-vlan association 101-103
>
> !
>
> interface FastEthernet0/1
>
> switchport private-vlan mapping 2000 101-103
>
> switchport mode private-vlan promiscuous
>
> spanning-tree portfast
>
> !
>
> interface FastEthernet0/2
>
> switchport private-vlan host-association 2000 103
>
> switchport mode private-vlan host
>
> spanning-tree portfast
>
> !
>
> interface FastEthernet0/6
>
> switchport private-vlan host-association 2000 101
>
> switchport mode private-vlan host
>
> spanning-tree portfast
>
> !
>
> interface Vlan2000
>
> ip address 192.10.1.8 255.255.255.0
>
> private-vlan mapping 101-103
>
> !
>
> Switch2#ping 192.10.1.254 (promiscuous port, switch1, port2)
>
> Type escape sequence to abort.
>
> Sending 5, 100-byte ICMP Echos to 192.10.1.254, timeout is 2 seconds:
>
> !!!!!
>
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms
>
> Switch2#ping 192.10.1.7 (switch 1 SVI)
>
>
>
> Type escape sequence to abort.
>
> Sending 5, 100-byte ICMP Echos to 192.10.1.7, timeout is 2 seconds:
>
> !!!!!
>
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
>
> Switch2#ping 192.10.1.6 (port6, community port)
>
>
>
> Type escape sequence to abort.
>
> Sending 5, 100-byte ICMP Echos to 192.10.1.6, timeout is 2 seconds:
>
> .....
>
> Success rate is 0 percent (0/5)
>
>
>
> Router6#ping 192.10.1.3 (port 3 on switch1)
>
>
>
> Type escape sequence to abort.
>
> Sending 5, 100-byte ICMP Echos to 192.10.1.3, timeout is 2 seconds:
>
> !!!!!
>
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
>
>
>
> Router6#ping 192.10.1.254 (port1 on switch2 , community port)
>
>
>
> Type escape sequence to abort.
>
> Sending 5, 100-byte ICMP Echos to 192.10.1.254, timeout is 2 seconds:
>
> !!!!!
>
> Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
>
> Router6#ping 192.10.1.8 (SVI switch2)
>
>
>
> Type escape sequence to abort.
>
> Sending 5, 100-byte ICMP Echos to 192.10.1.8, timeout is 2 seconds:
>
> .....
>
> Success rate is 0 percent (0/5)
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: John Jones: "Re: My Dynamips experience on Linux"
• Previous message: Brian Dennis: "RE: Lab Query"
• Maybe in reply to: Alex Steer: "private-vlans, layer3 interface can't ping anything"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:17 ART