03-24-2014 07:15 AM - edited 03-01-2019 07:33 AM
Hi,
Has anyone implemented PVLAN over OTV? Is there any restriction to it?
Thanks.
Alex
12-11-2014 03:54 PM
Hi Alex,
I saw your question while playing with Private VLANs and OTV myself, with the idea of combining them (just for lab purposes :-) ), and having problems making it work (and I found no answer here).
The answer: it works, but not out of the box.
The problem is that secondary Private VLANs don't have any CAM table entries associated, which is a problem for OTV, which doesn't forward any unknown unicast. You need to make static CAM entries on the OTV VDCs pointing to the OTV internal interface for the Private VLAN devices on that local site. That way you get the necessary OTV route entries (selective OTV unicast flooding didn't work for me).
Hope you are still interested in the answer to your question; it was great fun to think about this little problem.
Simon
03-24-2014 11:41 AM
Hi, in the documentation there is no limitation between PVLAN and OTV; see the links:
(Limitations with Other Features)
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/layer2/configuration/guide/Cisco_Nexus_7000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_Release_5-x_chapter6.html#con_1344136
(Guidelines and Limitations for OTV)
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/OTV/config_guide/b_Cisco_Nexus_7000_Series_NX-OS_OTV_Configuration_Guide.pdf
02-11-2015 09:53 AM
So I'm currently trying to implement this, and I tried with static CAM entries and without entries, and have issues either way.
I have taken a community PVLAN and a host-associated port on one side of the OTV and the host port on the same secondary VLAN on the other side.
Cannot ping.
Flip it to a promiscuous port on one side with association, and it starts to ping.
Thinking through the logic, I looked at the MAC address table of the primary VLAN and had the MAC info of the host/secondary community VLAN, and looked at the OTV route statement and had the MAC seen attached to the primary VLAN coming from the correct side, on both sides.
So the static CAM statement didn't make sense. Even so I tried it, and it still did not work.
Just to ensure I understand the logic of the OTV VDC CAM statement:
mac address-table static "MAC-ADD" vlan X int E1/10 "L2 interface that you're learning the MAC from already"
The MAC should be the MAC of the host port in which the secondary VLAN host resides.
Running ver 6.2(8)
Running OTV for 20 normal VLANs, no issues on this code since August.
Any thoughts??
02-11-2015 05:07 PM
I think I know what I'm doing wrong and will attempt this tomorrow.
otv flood mac 0000.2101.1111 vlan 72
to flood unknown unicast across OTV, similar to the way that you would for MLB VMACs.
06-13-2014 11:04 AM
Hi Alex,
There is no such restriction from OTV. What you define in the access-interface and the overlay interface will be allowed.
Do revert back if you have any more specifics you wanted to know related to OTV.
Thanks,
Aries
12-13-2014 02:24 AM
Hi Simon,
I have no chance to actually implement PVLAN over OTV, as the environment I'm working with is live. I ended up with the traditional method of using port-based ACL. However, it's still great to know that the combination of PVLAN and OTV actually works.
Thank you for sharing your experience and test result.
Regards,
Alex