Private VLAN routing issue


Userlevel 1
I've configured a private VLAN for ports 1 and 2 so that they are isolated from one another. The configuration shown below is how I set it up, however, when I place a client on port 1 I can not ping the gateway.The client can ping the VLAN Mgmt99 IP: 10.10.99.6. Note port 48 is a trunk port to my core switch with the same Mgmt99 VLAN on it. I tried ipforwarding of mgmt99 vlan but that did not help.

create vlan "Mgmt99"
configure vlan Mgmt99 tag 99create vlan "Mgmt99_pv_isol"
configure vlan Mgmt99_pv_isol tag 199

create private-vlan "Mgmt99_PV"
configure private-vlan Mgmt99_PV add network Mgmt99

configure private-vlan Mgmt99_PV add subscriber Mgmt99_pv_isol

configure vlan Mgmt99 add ports 48 tagged (Trunk Port)

configure vlan Mgmt99_pv_isol add ports 1-2 untagged

configure vlan Mgmt99 ipaddress 10.10.99.6 255.255.255.0

configure iproute add default 10.10.99.1

Thanks for any suggestions.

6 replies

Userlevel 6
Andrew,

Could you add the below config line and check.
"configure vlan Mgmt99 add ports 1 private-vlan translated"
Userlevel 1
I get the following error when I add that config.

Error: Can't add ports because they already exist in a Subscriber VLAN.
Userlevel 6
Hi Andrew,

Please try adding the port 48 as a translated port.

configure Vlan mgmt99 add port 48 private-Vlan translated.

Let us know the results!
Userlevel 6
Hi Andrew,

Similar example is explained in the User guide: under the section, "Extending Network and Subscriber VLANs to Other Switches"

http://documentation.extremenetworks.com/exos/EXOS_21_1/VLAN/c_extending-network-and-subscriber-vlan...
If you would require any clarification, please feel free to let us know.
Userlevel 1
When I add vlan mgmt99 port 48 to private-vlan translated I get the following notice. I said yes to it.

Adding an existing untagged member port of vlan Mgmt99 as tagged can cause STP configuration loss.

Do you really want to add these ports? (y/N) Yes

After making that change the client on port 1 can ping the gateway and is isolated as I wanted. Thanks for the help on this and thanks for pointing to the support document as well, that helped.
Userlevel 1
Please explain how that change give you the desired result.

Reply