PVLAN configuration uncertainty with overlapping ports

  • Question
  • Updated 3 years ago
  • Answered
Hello,

I have an existing private vlan configuration that looks like this:

         vlan2 (untagged)
+--------------port 1--------------+
|                         |
|                         |
+---port 2----------------port 3---+
vlan10 (untagged)      vlan10 (untagged)

create vlan VLAN2   tag 2
create vlan VLAN10 tag 10

create private-vlan PvlanUntagged
configure private-vlan PvlanUntagged add network VLAN2
configure private-vlan PvlanUntagged add subscriber VLAN10

configure vlan VLAN2 add ports 1 untagged
configure vlan VLAN10 add ports 2,3 untagged

This isolates VLAN10 on ports 2 and 3. VLAN10 leaves untagged on subscriber ports 2 and 3 and also leaves untagged on the network uplink port 1.


I need to add two additional subscriber VLANs; this time they need to be tagged (both on the uplink port and on the subscriber ports). They need to be isolated as well (this means an additional private-vlan).

It will look like this:

           vlan2 (untagged)
           vlan3 (tagged)
+--------------port 1--------------+
|                         |
|                         |
+---port 2----------------port 3---+
vlan10 (untagged)      vlan10 (untagged)
vlan20 (tagged)        vlan20 (tagged)
vlan30 (tagged)        vlan30 (tagged)

create vlan VLAN3   tag 3
create vlan VLAN20 tag 20
create vlan VLAN30 tag 30

create private-vlan PvlanTagged
configure private-vlan PvlanTagged  add network VLAN3
configure private-vlan PvlanTagged  add subscriber VLAN20
configure private-vlan PvlanTagged  add subscriber VLAN30

configure vlan VLAN3 add ports 1 tagged
configure vlan VLAN20 add ports 2,3 tagged

At first sight this looks correct; however, I found this mention in the documentation:

"BlackDiamond 8000 series modules and Summit family switches, whether or not included in a SummitStack, require a loopback port for certain configurations. If two or more subscriber VLANs have overlapping ports (where the same ports are assigned to both VLANs), each of the subscriber VLANs with overlapping ports must have a dedicated loopback port"

It seems that this describes the exact situation I have with my configuration above. VLAN20 and VLAN30 share the same ports (2, 3).

In this case, according to the documentation I should add a loopback port to the second configured subscriber vlan via:
 
configure vlan VLAN30 vlan-translation add loopback-port XXX

However, I am not sure what exactly I should choose as the loopback port for this command. Is there any rule to it? Or should I just choose port 2 or 3 since it doesn't matter?

Thank you. 

Michal H


Posted 3 years ago


Senguttuvan, Arun, Employee

When packets ingress on a network VLAN port, they are flooded to the appropriate subscriber VLAN loopback port and to the other network VLAN ports. The subscriber VLAN loopback port then floods the packets to all other ports in the subscriber VLAN. Based on an egress VLAN translation entry match, the VLAN tag of the packet is replaced with a new VLAN tag before it egresses out of a port.

When packets ingress on a subscriber VLAN port, they are flooded to all ports in the subscriber VLAN. The subscriber VLAN loopback port then floods the packets to the network VLAN ports it belongs to. Based on an egress VLAN translation entry match, the VLAN tag of the packet is replaced with a new VLAN tag before it egresses out of a port.

The loopback port should be an unused port that is dedicated to the particular subscriber VLAN. This loopback shouldn't be active. It creates an internal loopback to carry the traffic from the subscriber VLAN to the network VLAN.

If it is not working as expected, I would recommend that you open a case with Extreme.
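
Added example (not part of the original thread and not Extreme's code): a Python check that reads a saved configuration and reports subscriber VLANs with overlapping ports whose loopback port is missing, is already a VLAN member port, or is shared with another subscriber VLAN. Assumptions: it applies the quoted documentation sentence literally across all subscriber VLANs on the switch, it recognizes only the command forms shown in this thread, and the "add ports" line for VLAN30 and loopback port 24 in the sample are constructed.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: commands from the question, plus an assumed "add ports"
# line for VLAN30 and a hypothetical loopback port 24.
SAMPLE = """\
configure private-vlan PvlanUntagged add subscriber VLAN10
configure private-vlan PvlanTagged  add subscriber VLAN20
configure private-vlan PvlanTagged  add subscriber VLAN30
configure vlan VLAN2 add ports 1 untagged
configure vlan VLAN10 add ports 2,3 untagged
configure vlan VLAN20 add ports 2,3 tagged
configure vlan VLAN30 add ports 2,3 tagged
configure vlan VLAN30 vlan-translation add loopback-port 24
"""

def expand(ports):
    """Expand a simple port list such as '2,3' or '5-8' (no slot:port form)."""
    out = set()
    for part in ports.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return (vlan, problem) pairs for subscriber VLANs with overlapping ports."""
    subs, members, loop, findings = set(), defaultdict(set), {}, []
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["configure", "private-vlan"] and t[3:5] == ["add", "subscriber"]:
            subs.add(t[5])
        elif t[:2] == ["configure", "vlan"] and t[3:5] == ["add", "ports"]:
            members[t[2]] |= expand(t[5])
        elif t[:2] == ["configure", "vlan"] and t[3:6] == ["vlan-translation", "add", "loopback-port"]:
            loop[t[2]] = int(t[6])
    overlapping = set()
    for a, b in combinations(sorted(subs), 2):
        if members[a] & members[b]:  # same port assigned to both VLANs
            overlapping |= {a, b}
    in_use = set().union(*members.values())  # every port that carries a VLAN
    for v in sorted(overlapping):
        lp = loop.get(v)
        if lp is None:
            findings.append((v, "no loopback port"))
        elif lp in in_use:
            findings.append((v, f"loopback port {lp} is a VLAN member port"))
        elif any(loop.get(o) == lp for o in overlapping - {v}):
            findings.append((v, f"loopback port {lp} is shared"))
    return findings
```

Calling audit(SAMPLE) returns the findings as a list; changing the sample's loopback port to 2 or 3 reports it as a VLAN member port, which is the case the answer rules out.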