This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Technical Discussions
- Network Architecture & Design
- RE: PVLan Network uplinks
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
PVLan Network uplinks
PVLan Network uplinks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-07-2015 06:50 PM
We have a situation where multiple "clients" share the same uplink. For the sake of isolation and ease of recognition, I'd considered moving to PVLans instead of using the same VLAN for all traffic. However, it seems that in order to use PVLans, the port that the translation occurs on has to be untagged. Is this accurate?
Our ideal scenario:
Network VLAN 2 - Internet Traffic
Subscriber VLAN 21 - Client #1 traffic
Subscriber VLAN 22 - Client #2 traffic
Subscriber VLAN 23 - Client #3 traffic
VLAN 3 - Non-internet traffic to ISP
VLAN 4 - Non-internet traffic to ISP
Switch 1:
PVLAN configured
Port 1:1 - Uplink to ISP. Translation port VLAN 2,3,4
Port 1:2 - Link to Switch 2 Non-translation port VLAN 2,21,22,23,3,4
Port 1:3 - Link to Switch 3 Non-translation port VLAN 22,3,4
Switch 2:
PVLAN configured
Port 1:1 - Link to Switch 1 VLAN 2,21,22,23,3,4 non translation port
Port 1:2 - Link to client 1 VLAN 21
Port 1:3 - Link to client 2 VLAN 22
Port 1:4 - Link to client 3 VLAN 23
Port 1:5 - VLAN 3
Port 1:6 - VLAN 4
Switch 3:
No PVLAN configured
Port 1:1 - Link to Switch 1 VLAN 22,3,4
Port 1:2 - Link to client 2 VLAN 22
Port 1:3 - VLAN 3
Port 1:4 - VLAN 4
It appears that this may be better handled by the non-pvlan VLAN translation feature, though then I lose the isolation features.
Am I missing anything here?
Our ideal scenario:
Network VLAN 2 - Internet Traffic
Subscriber VLAN 21 - Client #1 traffic
Subscriber VLAN 22 - Client #2 traffic
Subscriber VLAN 23 - Client #3 traffic
VLAN 3 - Non-internet traffic to ISP
VLAN 4 - Non-internet traffic to ISP
Switch 1:
PVLAN configured
Port 1:1 - Uplink to ISP. Translation port VLAN 2,3,4
Port 1:2 - Link to Switch 2 Non-translation port VLAN 2,21,22,23,3,4
Port 1:3 - Link to Switch 3 Non-translation port VLAN 22,3,4
Switch 2:
PVLAN configured
Port 1:1 - Link to Switch 1 VLAN 2,21,22,23,3,4 non translation port
Port 1:2 - Link to client 1 VLAN 21
Port 1:3 - Link to client 2 VLAN 22
Port 1:4 - Link to client 3 VLAN 23
Port 1:5 - VLAN 3
Port 1:6 - VLAN 4
Switch 3:
No PVLAN configured
Port 1:1 - Link to Switch 1 VLAN 22,3,4
Port 1:2 - Link to client 2 VLAN 22
Port 1:3 - VLAN 3
Port 1:4 - VLAN 4
It appears that this may be better handled by the non-pvlan VLAN translation feature, though then I lose the isolation features.
Am I missing anything here?
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-11-2015 04:33 PM
To call this done, it appears that the command listed in the concepts guide (conf vlan add port private-vlan translated) does actually add it as a tagged vlan. This doesn't seem very clear in the documentation. Either way, I was able to get what I wanted working to work, so thanks for your help Bill.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-08-2015 10:33 AM
Bill,
Currently, all of the ports I want to be tagged 21 and 22 are tagged 2 with no isolation. VLAN 23 is using the non-pvlan VLAN translation on the old switch. I need to move the ISP uplink to a new switch and was hoping to implement this (or something similar) as part of the move.
I thought VMANs were for encapsulating an existing tag within another tag so customer sites could seamlessly talk without having to configure the customer tags on the intermediary network. Since we only provide access to the internet for our "clients", there would be no point where we would decapsulate back to the client tag.
Edit: I hadn't seen your second post when I started replying. In the concepts guide, example #1 they show this:
Currently, all of the ports I want to be tagged 21 and 22 are tagged 2 with no isolation. VLAN 23 is using the non-pvlan VLAN translation on the old switch. I need to move the ISP uplink to a new switch and was hoping to implement this (or something similar) as part of the move.
I thought VMANs were for encapsulating an existing tag within another tag so customer sites could seamlessly talk without having to configure the customer tags on the intermediary network. Since we only provide access to the internet for our "clients", there would be no point where we would decapsulate back to the client tag.
Edit: I hadn't seen your second post when I started replying. In the concepts guide, example #1 they show this:
- The final step is to configure VLAN translation on the local switch so that Research VLAN workstations can connect to the file servers on the remote switch:configure (vlan) Main add ports 1:1 private-vlan translated
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-08-2015 09:54 AM
Doug,
As to your original question, the port where the translation takes place does not need to be untagged. The best place to take a look on how to configure this would be the concept guide. It also provides some examples of how to configure...http://documentation.extremenetworks.com/exos/EXOS_All/VLAN/c_private-vlans.shtml
Bill
As to your original question, the port where the translation takes place does not need to be untagged. The best place to take a look on how to configure this would be the concept guide. It also provides some examples of how to configure...http://documentation.extremenetworks.com/exos/EXOS_All/VLAN/c_private-vlans.shtml
Bill
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
05-08-2015 09:27 AM
Doug,
Can you elaborate on how you are currently doing this? Are these currently tagged and you are just aggregating? Have you considered using VMAN's for this?
Bill
Can you elaborate on how you are currently doing this? Are these currently tagged and you are just aggregating? Have you considered using VMAN's for this?
Bill
