02-19-2020 03:55 AM
Hi guys,
I've been struggling for several days with a configuration that I'm not able to make work. First of all, I'm using a Cisco C2960X switch with the latest firmware version.
I have 3 ONTs connected to the switch, on ports 1/0/1, 1/0/2 and 1/0/3. These ports are in trunk mode, allowed VLANs 2, 3 and 6; this is because the ISP works like this, VLAN 6 is for internet, VLAN 2 for IPTV and so on.
On the other side I have 3 interfaces of my router connected to switch ports 1/0/10, 1/0/11 and 1/0/12, all three in access mode on VLAN 6.
The thing is that I need to isolate things, because when the router starts a PPPoE session it uses a random (and wrong) ONT because the 3 ONTs are in the same VLAN (6).
In other words, I need to link only port 1/0/1 with port 1/0/10 in such a way that the router can't see the other ONTs (even when they are in the same VLAN 6).
I've gone crazy reading about VLAN Q-in-Q, Private VLANs and protected ports, but haven't been able to understand the way to achieve this.
Any help will be much appreciated.
Thanks
02-19-2020 04:19 AM - edited 02-19-2020 05:57 AM
Hi,
Are you trying to build PPPoE on the router, with each router port connected to a specific ONT respectively over VLAN 6?
I'm afraid you couldn't do that with either PVLAN or Q-in-Q. PVLAN trunk or VLAN translation (VLAN mapping) might help, but they are not supported on the 2960X.
As an alternative, did you try applying a MAC address ACL on 2960X Gi1/0/1, Gi1/0/2 and Gi1/0/3, to allow only the router interface's MAC to pass through to its dedicated ONT? I guess it should work, but it may make your network more complicated.
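A sketch of the MAC ACL approach suggested in the reply above, added here as an example and not taken from either poster's actual configuration. The ACL names and the three router MAC addresses are constructed placeholders, and it assumes each router interface has its own MAC address.

```cisco
! Constructed placeholders: router MACs use the RFC 7042 documentation range.
!   router port on Gi1/0/10 = 0000.5e00.530a  -> ONT on Gi1/0/1
!   router port on Gi1/0/11 = 0000.5e00.530b  -> ONT on Gi1/0/2
!   router port on Gi1/0/12 = 0000.5e00.530c  -> ONT on Gi1/0/3
! Assumes each router interface uses its own MAC address.
!
! MAC ACLs on this platform match non-IP frames, which includes PPPoE
! discovery and session frames. Each list ends with an implicit deny.
mac access-list extended ONT1-TO-ROUTER
 permit any host 0000.5e00.530a
!
mac access-list extended ONT2-TO-ROUTER
 permit any host 0000.5e00.530b
!
mac access-list extended ONT3-TO-ROUTER
 permit any host 0000.5e00.530c
!
! Applied inbound on the ONT-facing trunks: frames arriving from an ONT are
! forwarded only when addressed to the router interface paired with it.
interface GigabitEthernet1/0/1
 mac access-group ONT1-TO-ROUTER in
!
interface GigabitEthernet1/0/2
 mac access-group ONT2-TO-ROUTER in
!
interface GigabitEthernet1/0/3
 mac access-group ONT3-TO-ROUTER in
!
! The ACL is bound to the port, not to VLAN 6, so non-IP frames arriving on
! VLANs 2 and 3 meet the same implicit deny; add permits for anything those
! VLANs need before applying this.
!
! Verify from exec mode:
!   show access-lists
!   show mac access-group interface GigabitEthernet1/0/1
```

The router's broadcast PPPoE discovery frame still reaches all three ONT ports, but a unicast reply is let back in only on the port whose ACL names that router interface, so each session forms through its paired ONT.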
02-20-2020 02:37 AM
Hi @ngkin2010, many thanks for your reply. I wasn't aware of MAC ACLs, and it seems this may work for me! I'll try it and will comment on the result here.
Thanks
02-21-2020 02:34 AM
Looks like it worked, thanks a lot!