ExtremeSwitching (EXOS)

Expand all | Collapse all

Private VLAN routing issue

  • 1.  Private VLAN routing issue

    Posted 10-05-2016 19:21
    I've configured a private VLAN for ports 1 and 2 so that they are isolated from one another. The configuration shown below is how I set it up, however, when I place a client on port 1 I can not ping the gateway.The client can ping the VLAN Mgmt99 IP: 10.10.99.6. Note port 48 is a trunk port to my core switch with the same Mgmt99 VLAN on it. I tried ipforwarding of mgmt99 vlan but that did not help.

    create vlan "Mgmt99"
    configure vlan Mgmt99 tag 99create vlan "Mgmt99_pv_isol"
    configure vlan Mgmt99_pv_isol tag 199

    create private-vlan "Mgmt99_PV"
    configure private-vlan Mgmt99_PV add network Mgmt99

    configure private-vlan Mgmt99_PV add subscriber Mgmt99_pv_isol

    configure vlan Mgmt99 add ports 48 tagged (Trunk Port)

    configure vlan Mgmt99_pv_isol add ports 1-2 untagged

    configure vlan Mgmt99 ipaddress 10.10.99.6 255.255.255.0

    configure iproute add default 10.10.99.1

    Thanks for any suggestions.



  • 2.  RE: Private VLAN routing issue

    Posted 10-06-2016 01:21
    Andrew,

    Could you add the below config line and check.
    "configure vlan Mgmt99 add ports 1 private-vlan translated"



  • 3.  RE: Private VLAN routing issue

    Posted 10-06-2016 16:59
    I get the following error when I add that config.

    Error: Can't add ports because they already exist in a Subscriber VLAN.


  • 4.  RE: Private VLAN routing issue

    Posted 10-06-2016 22:21
    Hi Andrew,

    Please try adding the port 48 as a translated port.

    configure Vlan mgmt99 add port 48 private-Vlan translated.

    Let us know the results!


  • 5.  RE: Private VLAN routing issue

    Posted 10-06-2016 22:39
    Hi Andrew,

    Similar example is explained in the User guide: under the section, "Extending Network and Subscriber VLANs to Other Switches"

    http://documentation.extremenetworks.com/exos/EXOS_21_1/VLAN/c_extending-network-and-subscriber-vlan...
    If you would require any clarification, please feel free to let us know.


  • 6.  RE: Private VLAN routing issue

    Posted 10-10-2016 14:20
    When I add vlan mgmt99 port 48 to private-vlan translated I get the following notice. I said yes to it.

    Adding an existing untagged member port of vlan Mgmt99 as tagged can cause STP configuration loss.

    Do you really want to add these ports? (y/N) Yes

    After making that change the client on port 1 can ping the gateway and is isolated as I wanted. Thanks for the help on this and thanks for pointing to the support document as well, that helped.



  • 7.  RE: Private VLAN routing issue

    Posted 06-02-2018 18:27
    Please explain how that change give you the desired result.