Private VLAN routing issue

  • Problem
  • Updated 3 weeks ago
  • Solved
I've configured a private VLAN for ports 1 and 2 so that they are isolated from one another. The configuration shown below is how I set it up; however, when I place a client on port 1 I cannot ping the gateway. The client can ping the VLAN Mgmt99 IP: 10.10.99.6. Note port 48 is a trunk port to my core switch with the same Mgmt99 VLAN on it. I tried ipforwarding of mgmt99 vlan but that did not help.


create vlan "Mgmt99"
configure vlan Mgmt99 tag 99

create vlan "Mgmt99_pv_isol"
configure vlan Mgmt99_pv_isol tag 199 

create private-vlan "Mgmt99_PV"
configure private-vlan Mgmt99_PV add network Mgmt99

configure private-vlan Mgmt99_PV add subscriber Mgmt99_pv_isol

# Port 48 is the trunk port
configure vlan Mgmt99 add ports 48 tagged

configure vlan Mgmt99_pv_isol add ports 1-2 untagged

configure vlan Mgmt99 ipaddress 10.10.99.6 255.255.255.0

configure iproute add default 10.10.99.1


Thanks for any suggestions.


Andrew Schulz


Posted 2 years ago


Karthik Mohandoss, Employee

Andrew,

Could you add the config line below and check?
 "configure vlan Mgmt99 add ports 1 private-vlan translated" 

Andrew Schulz

I get the following error when I add that config.

Error: Can't add ports because they already exist in a Subscriber VLAN.

Prashanth KG, Employee

Hi Andrew,

Please try adding the port 48 as a translated port. 

configure vlan mgmt99 add port 48 private-vlan translated

Let us know the results! 

Prashanth KG, Employee

Hi Andrew,

A similar example is explained in the User Guide, under the section "Extending Network and Subscriber VLANs to Other Switches":

http://documentation.extremenetworks.com/exos/EXOS_21_1/VLAN/c_extending-network-and-subscriber-vlan...
If you require any clarification, please feel free to let us know.

Andrew Schulz

When I add vlan mgmt99 port 48 to private-vlan translated I get the following notice. I said yes to it.

Adding an existing untagged member port of vlan Mgmt99 as tagged can cause STP configuration loss.

Do you really want to add these ports? (y/N) Yes

After making that change the client on port 1 can ping the gateway and is isolated as I wanted. Thanks for the help on this and thanks for pointing to the support document as well, that helped.

nola saint

Please explain how that change gave you the desired result.