Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
3
Replies

Need help with PVLAN's / Protected ports / Q-in-Q

Go to solution
Astur1980
Level 1
Level 1

‎02-19-2020 03:55 AM

Hi guys, 

I've been several days struggling with a configuration that I'm not able to make work. First of all, I'm using a Cisco C2960X switch with the latest firmware version. 

I have 3 ONT's connected to the switch, on ports 1/0/1, 1/0/2 and 1/0/3. These ports are in trunk mode, allowed VLAN's 2, 3 and 6; this is because the ISP works like this, VLAN 6 is for internet, VLAN 2 for IPTV and so on. 

On the other side I have 3 interfaces of  my router connected to switch ports 1/0/10, 1/0/11 and 1/0/12, all these three in mode access VLAN 6.

The thing is that I need to isolate the things because when the router starts a PPPOE session it uses a random (and wrong) ONT because the 3 ONT's are in the same VLAN (6). 

 

In other words, I need to link only port 1/0/1 with port 1/0/10 in the way that the router can't see the other ONT's (even when they are in the same VLAN 6).

I've gone crazy reading abut VLAN Q-in-Q, Private VLANs and protected ports, but haven't been able to understand the way to achieve this. 

Any help will be much appreciated. 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ngkin2010
Level 7
Level 7

‎02-19-2020 04:19 AM - edited ‎02-19-2020 05:57 AM

Hi,

Are you trying to build PPPoE on router with each router port connected to specific ONT respectively over VLAN6?

I afraid you couldn't do that by neither PVLAN nor Q-in-Q. PVLAN trunk or VLAN translation (VLAN mapping) might help but not supported on 2960X.

As an alternative, did you try to apply MAC address ACL on 2960X Gi1/0/1, Gi1/0/2, Gi1/0/3, to allow only router interface's MAC to pass through to dedicated ONT? I guess it should work, but may make your network become more complicated.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
ngkin2010
Level 7
Level 7

‎02-19-2020 04:19 AM - edited ‎02-19-2020 05:57 AM

Hi,

Are you trying to build PPPoE on router with each router port connected to specific ONT respectively over VLAN6?

I afraid you couldn't do that by neither PVLAN nor Q-in-Q. PVLAN trunk or VLAN translation (VLAN mapping) might help but not supported on 2960X.

As an alternative, did you try to apply MAC address ACL on 2960X Gi1/0/1, Gi1/0/2, Gi1/0/3, to allow only router interface's MAC to pass through to dedicated ONT? I guess it should work, but may make your network become more complicated.

0 Helpful

Go to solution
Astur1980
Level 1
Level 1
In response to ngkin2010

‎02-20-2020 02:37 AM

Hi @ngkin2010 , many thanks for your reply. I wasn't aware of the MAC ACL's!!!! and it seems this may work for me!! I'll try and will comment the result here

 

Thanks

0 Helpful

Go to solution
Astur1980
Level 1
Level 1
In response to ngkin2010

‎02-21-2020 02:34 AM

Looks like it worked, thanks a lot!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card