09-29-2006 02:53 PM - edited 03-03-2019 05:18 AM
I have the following private vlan configuration:
What do I have to do in order for the networks sitting behind router1 and router2 to talk to each other?
I have verified that both routers have the correct routes in their routing tables.
vlan 116
 name primary
 private-vlan primary
 private-vlan association 117-122

vlan 119
 name torouter2
 private-vlan community

vlan 121
 name torouter1
 private-vlan community

interface GigabitEthernet2/16
 description Connection to router2
 switchport
 switchport private-vlan host-association 116 119
 switchport mode private-vlan host
 no ip address
 speed 100
 duplex full
 spanning-tree portfast

interface GigabitEthernet1/4
 description Connection to router1
 switchport
 switchport private-vlan host-association 116 121
 switchport mode private-vlan host
 no ip address
 speed nonegotiate
 spanning-tree portfast

Thank you very much,
Alban
09-30-2006 03:07 AM
Hello Alban,
Where's your promiscuous port?
Switch# configure terminal
Switch(config)# interface Gig X/X
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# switchport private-vlan mapping 116 add 119,121
Switch(config-if)# end
Let us know,
Vlad
09-30-2006 07:29 AM
Vlad,
Thank you.
I do not have a promiscuous port configured.
If I configure one, what do I connect to it?
Thanks
Alban
09-30-2006 08:00 AM
I think you should read the following document for a better clarification on the subject:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swpvlan.htm
This is for the 3560, but you'll find it on other IOS versions and platforms.
The promiscuous port will be the port that is allowed to communicate with all other interfaces, so it is usually the port connected to a router.
I'm not sure what your requirements are in this scenario.
Please give us more details; we could find a better configuration for you.
Vlad
09-30-2006 09:46 AM
Vlad,
Networks connected behind router1 need to reach networks connected behind router2.
------[router1]--------------gig1/4[vdmz]gig2/16----------------[router2]-------
gig1/4 is in community vlan 121
gig2/16 is in community vlan 119
Primary vlan is Vlan116
VDMZ is our 6503 configured with private vlans.
Some more of the config is this (and I do have a 6503 with an MSFC daughter card):
--------------------------------------------------------------------
interface Vlan116
 description vendor-dmz public/private primary vlan
 ip address 10.248.15.2 255.255.255.128 secondary
 ip address 211.121.108.66 255.255.255.192
 ip access-group 140 in (this one has a permit any any at the end)
 no ip redirects
 no ip unreachables
 private-vlan mapping 117-122

ip route 10.82.35.0 255.255.255.0 211.121.108.96
------------------------------------------------------------------
(where 211.121.108.96 is address of router1)
I have a BGP peering with 211.121.108.90, which is router2.
In router1 they can see the routes advertised via BGP, and also in router2 they can see the route for 10.82.35.0 that I advertise to them via BGP.
I really appreciate your help,
Alban
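
The private VLAN forwarding rules behind the promiscuous-port question in this thread, as an added example that is not part of any post: it parses a condensed copy of the posted configuration and checks which ports may exchange frames directly at Layer 2. The helper names `expand`, `parse` and `can_forward` are hypothetical, and treating the `Vlan116` SVI with `private-vlan mapping` as a promiscuous endpoint is a modelling assumption.

```python
from itertools import combinations

CONFIG = """\
vlan 116
 private-vlan primary
 private-vlan association 117-122
vlan 119
 private-vlan community
vlan 121
 private-vlan community
interface GigabitEthernet2/16
 switchport private-vlan host-association 116 119
interface GigabitEthernet1/4
 switchport private-vlan host-association 116 121
interface Vlan116
 private-vlan mapping 117-122
"""  # constructed: condensed from the configuration posted in the thread

def expand(vlan_list):
    """Expand an IOS VLAN list such as '117-119,121' into a set of ints."""
    out = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(config):
    """Return ({vlan: type}, {port: (kind, set of secondary VLANs)})."""
    vlan_type, ports, ctx = {}, {}, (None, None)
    for words in filter(None, (line.split() for line in config.splitlines())):
        if words[0] in ("vlan", "interface"):
            ctx = (words[0], words[1])
        elif ctx[0] == "vlan" and words[0] == "private-vlan" and words[1] != "association":
            vlan_type[int(ctx[1])] = words[1]
        elif ctx[0] == "interface" and "host-association" in words:
            ports[ctx[1]] = ("host", {int(words[-1])})
        elif ctx[0] == "interface" and "mapping" in words:  # assumption: SVI mapping = promiscuous
            ports[ctx[1]] = ("promiscuous", expand(words[-1]))
    return vlan_type, ports

def can_forward(a, b, vlan_type, ports):
    """True if the PVLAN rules let frames pass directly between ports a and b."""
    (kind_a, va), (kind_b, vb) = ports[a], ports[b]
    if "promiscuous" in (kind_a, kind_b):  # promiscuous reaches every mapped secondary
        return kind_a == kind_b or bool(va & vb)
    return va == vb and all(vlan_type.get(v) == "community" for v in va)  # isolated: never

if __name__ == "__main__":
    vt, ports = parse(CONFIG)
    print({(a, b): can_forward(a, b, vt, ports) for a, b in combinations(ports, 2)})
```

With the posted configuration, the two router-facing ports sit in different community VLANs and cannot exchange frames directly, while each can reach the `Vlan116` interface.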