Private VLAN configuration assistance

cisco24x7 · ‎09-14-2009

Is it possible to have both primary VLAN and members VLAN residing on the same line card of the Catalyst 6509? For example:

interface FastEthernet1/1

description Firewall port

switchport

switchport private-vlan mapping 527 528-529

switchport mode private-vlan promiscuous

no ip address

spanning-tree portfast

!

interface FastEthernet1/2

description c2811

switchport

switchport private-vlan host-association 527 528

switchport mode private-vlan host

no ip address

speed 100

duplex full

spanning-tree portfast

!

interface FastEthernet1/3

description c3640

switchport

switchport private-vlan host-association 527 529

switchport mode private-vlan host

no ip address

spanning-tree portfast

LAB6500F#sh mod

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

1 48 48-port 10/100 mb RJ45 WS-X6148-45AF SAL09190GSZ

3 48 48-port 10/100 mb RJ45 WS-X6148-45AF SAL09190GK8

6 2 Supervisor Engine 720 (Active) WS-SUP720-3B SAL092644DU

Mod MAC addresses Hw Fw Sw Status

--- ---------------------------------- ------ ------------ ------------ -------

1 0013.c4e9.1d48 to 0013.c4e9.1d77 3.0 8.3(1) 8.5(0.46)RFW Ok

3 0013.c3f9.0b64 to 0013.c3f9.0b93 3.0 8.3(1) 8.5(0.46)RFW Ok

6 0013.7f0d.5110 to 0013.7f0d.5113 4.4 8.1(3) 12.2(18)SXF1 Ok

Mod Sub-Module Model Serial Hw Status

---- --------------------------- ------------------ ----------- ------- -------

1 IEEE Voice Daughter Card WS-F6K-FE48-AF SAL09190GVH 1.5 Ok

3 IEEE Voice Daughter Card WS-F6K-FE48-AF SAL091802HK 1.5 Ok

6 Policy Feature Card 3 WS-F6K-PFC3B SAL09253X5X 2.1 Ok

6 MSFC3 Daughterboard WS-SUP720 SAL09253VHE 2.3 Ok

Mod Online Diag Status

---- -------------------

1 Pass

3 Pass

6 Pass

LAB6500F#sh ver

Cisco Internetwork Operating System Software

IOS (tm) s72033_rp Software (s72033_rp-ENTSERVICESK9_WAN-M), Version 12.2(18)SXF14, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Thu 08-May-08 01:32 by kellythw

Image text-base: 0x40101040, data-base: 0x42DCEA30

ROM: System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)

BOOTLDR: s72033_rp Software (s72033_rp-ENTSERVICESK9_WAN-M), Version 12.2(18)SXF14, RELEASE SOFTWARE (fc1)

LAB6500F uptime is 8 weeks, 4 days, 19 hours, 47 minutes

Time since LAB6500F switched to active is 8 weeks, 4 days, 19 hours, 46 minutes

System returned to ROM by power cycle at 23:02:18 UTC Wed Jul 15 2009 (SP by power on)

System restarted at 23:07:38 UTC Wed Jul 15 2009

System image file is "disk0:s72033-entservicesk9_wan-mz.122-18.SXF14.bin"

With this configuration, both f1/2 and f1/3 is put down because:

Sep 14 17:29:05.836: %PM-SP-3-ERR_INCOMP_PORT: 1/2 is set to inactive because 1/1 is a promiscuous port

Sep 14 17:29:38.762: %PM-SP-3-ERR_INCOMP_PORT: 1/3 is set to inactive because 1/1 is a promiscuous port

In order for PVLAN to work properly, I have to move the configuration of F1/2 and F1/3 to a different line card.

Is this a requirement in Catalyst 6500?

Thanks.

yagnesh_tel · ‎09-14-2009

Hi David,

Yes, that's the limitation.

See 'Private VLAN Configuration Guidelines and Restrictions' This also list modules on which this limitation applied.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/pvlans.html#wp1143064

Jon Marshall · ‎09-14-2009

David

As Yagnesh has said it is a limitation of the 6500. However it is a limitation based on port groupings on the line card. The port groupings for the WS-X6148-45AF are -

Number of ports: 48

Number of port groups: 4

Port ranges per port group: 1-12, 13-24, 25-36, 37-48

so you should be able to configure it on the same line card but not within the same port group.

Jon

cisco24x7 · ‎09-14-2009

Is it safe to assume that Cisco 3550 and 3750 does not have this limitation? Thanks.

yagnesh_tel · ‎09-14-2009

Correct. There is no such limitation for them.