This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- PVLAN configuration uncertainty with overlapping p...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
PVLAN configuration uncertainty with overlapping ports
PVLAN configuration uncertainty with overlapping ports
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-07-2016 06:46 PM
Hello,
I have an existing private vlan configuration that looks like this:
vlan2 (untagged)
+--------------port 1--------------+
| |
| |
+---port 2----------------port 3---+
vlan10 (untagged) vlan10 (untagged)
create vlan VLAN2 tag 2
create vlan VLAN10 tag 10
create vlan VLAN10 tag 10
create private-vlan PvlanUntagged
configure private-vlan PvlanUntagged add network VLAN2
configure private-vlan PvlanUntagged add subscriber VLAN10
configure vlan VLAN2 add ports 1 untagged
configure vlan VLAN10 add ports 2,3 untagged
This isolates VLAN10 on ports 2 and 3. VLAN10 leaves untagged on subscriber ports 2 and 3 and also leaves untagged on the network uplink port 1.
I need to add two additional subscriber vlans, this time they need to be tagged (both on the uplink port and subscriber ports). They need to be isolated as well (This means an additional private-vlan).
It will look like this:
vlan2 (untagged)
vlan3 (tagged)
+--------------port 1--------------+
| |
| |
+---port 2----------------port 3---+
vlan10 (untagged) vlan10 (untagged)
vlan20 (tagged) vlan20 (tagged)
vlan30 (tagged) vlan30 (tagged) create vlan VLAN3 tag 3
create vlan VLAN20 tag 20
create vlan VLAN30 tag 30
create private-vlan PvlanTagged
configure private-vlan PvlanTagged add network VLAN3
configure private-vlan PvlanTagged add subscriber VLAN20
configure private-vlan PvlanTagged add subscriber VLAN30
configure vlan VLAN3 add ports 1 tagged
configure vlan VLAN20 add ports 2,3 tagged
At first sight this looks correct, however I found this mention in the documentation:
"BlackDiamond 8000 series modules and Summit family switches, whether or not included in aSummitStack, require a loopback port for certain configurations. If two or more subscriber VLANs have
overlapping ports (where the same ports are assigned to both VLANs), each of the subscriber VLANs
with overlapping ports must have a dedicated loopback port"
It seems that this describes the exact situation I have with my configuration above. VLAN20 and VLAN30 share the same ports (2, 3).
In this case, according to the documentation I should add a loopback port to the second configured subscriber vlan via:
configure vlan VLAN30 vlan-translation add loopback-port XXX
However I am not sure what exactly do I choose as the loopback port for this command? Is there any rule to it? Or should I just choose port 2 or 3 since it doesn't matter?
Thank you.
I have an existing private vlan configuration that looks like this:
vlan2 (untagged)
+--------------port 1--------------+
| |
| |
+---port 2----------------port 3---+
vlan10 (untagged) vlan10 (untagged)
create vlan VLAN2 tag 2
create vlan VLAN10 tag 10
create vlan VLAN10 tag 10
create private-vlan PvlanUntagged
configure private-vlan PvlanUntagged add network VLAN2
configure private-vlan PvlanUntagged add subscriber VLAN10
configure vlan VLAN2 add ports 1 untagged
configure vlan VLAN10 add ports 2,3 untagged
This isolates VLAN10 on ports 2 and 3. VLAN10 leaves untagged on subscriber ports 2 and 3 and also leaves untagged on the network uplink port 1.
I need to add two additional subscriber vlans, this time they need to be tagged (both on the uplink port and subscriber ports). They need to be isolated as well (This means an additional private-vlan).
It will look like this:
vlan2 (untagged)
vlan3 (tagged)
+--------------port 1--------------+
| |
| |
+---port 2----------------port 3---+
vlan10 (untagged) vlan10 (untagged)
vlan20 (tagged) vlan20 (tagged)
vlan30 (tagged) vlan30 (tagged) create vlan VLAN3 tag 3
create vlan VLAN20 tag 20
create vlan VLAN30 tag 30
create private-vlan PvlanTagged
configure private-vlan PvlanTagged add network VLAN3
configure private-vlan PvlanTagged add subscriber VLAN20
configure private-vlan PvlanTagged add subscriber VLAN30
configure vlan VLAN3 add ports 1 tagged
configure vlan VLAN20 add ports 2,3 tagged
At first sight this looks correct, however I found this mention in the documentation:
"BlackDiamond 8000 series modules and Summit family switches, whether or not included in aSummitStack, require a loopback port for certain configurations. If two or more subscriber VLANs have
overlapping ports (where the same ports are assigned to both VLANs), each of the subscriber VLANs
with overlapping ports must have a dedicated loopback port"
It seems that this describes the exact situation I have with my configuration above. VLAN20 and VLAN30 share the same ports (2, 3).
In this case, according to the documentation I should add a loopback port to the second configured subscriber vlan via:
configure vlan VLAN30 vlan-translation add loopback-port XXX
However I am not sure what exactly do I choose as the loopback port for this command? Is there any rule to it? Or should I just choose port 2 or 3 since it doesn't matter?
Thank you.
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-13-2016 03:32 AM
When packets ingress in a network vlan port it will be flooded to appropriate subscriber vlan loopback port and other network vlan ports. Further the subscriber vlan loopback port floods the packets to all other ports in the subscriber vlan. Based on egress vlan translation entry match the vlan tag of the packet will be replaced with a new vlan tag before it egresses out of a port.
When packets ingress in a subscriber vlan port it will be flooded to all ports in the subscriber vlan. Further the subscriber vlan loopback port floods the packets to the network vlan ports it belong to. Based on egress vlan translation entry match the vlan tag of the packet will be replaced with a new vlan tag before it egresses out of a port.
Loopback port should be a unused port which is dedicated to the particular subscriber VLAN. This loopback shouldn't be active. It creates an internal loopback to carry the traffic from subscriber vlan to network vlan.
In case if it is not working as expected, I would recommend you to opena case with Extreme.
When packets ingress in a subscriber vlan port it will be flooded to all ports in the subscriber vlan. Further the subscriber vlan loopback port floods the packets to the network vlan ports it belong to. Based on egress vlan translation entry match the vlan tag of the packet will be replaced with a new vlan tag before it egresses out of a port.
Loopback port should be a unused port which is dedicated to the particular subscriber VLAN. This loopback shouldn't be active. It creates an internal loopback to carry the traffic from subscriber vlan to network vlan.
In case if it is not working as expected, I would recommend you to opena case with Extreme.
