
Private VLAN Promiscuous Ports Able to Ping Ports Outside of Mapping

Hello,

I am running into an issue using Private VLANs on a Cisco Catalyst 3650 running the latest iOS 12 (Gibraltar) release. I have a private VLAN set up, and promiscuous ports in the primary VLAN are able to ping machines outside of their VLAN mapping. Is this the expected behavior in a private VLAN, or is there something wrong with my configuration?

 

Thanks for any feedback!

 

Current running configuration (Promiscuous Port 1 is able to ping ports in VLAN 11 even though it is not mapped to VLAN 11)

Switch#sh vlan private

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
10      3         isolated          Gi0/0, Gi0/1, Gi0/2
10      11        community         Gi0/2, Gi1/0
10      21        community         Gi0/1, Gi0/3
vlan 3
  private-vlan isolated
!
vlan 10
  private-vlan primary
  private-vlan association 3,11,21
!
vlan 11
  private-vlan community
!
vlan 21
  private-vlan community
!

!
interface GigabitEthernet0/0
 switchport private-vlan host-association 10 3
 switchport mode private-vlan host
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport private-vlan mapping 10 3,21
 switchport mode private-vlan promiscuous
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 switchport private-vlan mapping 10 3,11
 switchport mode private-vlan promiscuous
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/3
 switchport private-vlan host-association 10 21
 switchport mode private-vlan host
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/0
 switchport private-vlan host-association 10 11
 switchport mode private-vlan host
 media-type rj45
 negotiation auto
!
Switch#sh int status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/0                        connected    10,3       a-full   auto RJ45
Gi0/1                        connected    10         a-full   auto RJ45
Gi0/2                        connected    10         a-full   auto RJ45
Gi0/3                        connected    10,21      a-full   auto RJ45
Gi1/0                        connected    10,11      a-full   auto RJ45
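
An added example, not part of the original post: a Python script that reads the interface stanzas posted above and lists, for each promiscuous port, the host ports whose secondary VLAN is missing from that port's mapping. These are the pairs to test when checking the isolation behaviour the question describes. The function names are hypothetical, and the parser assumes plain comma-separated VLAN lists as in this configuration.

```python
import re

# Interface and private-vlan lines copied from the running configuration
# posted above (mode, media-type and negotiation lines omitted).
POSTED_CONFIG = """\
interface GigabitEthernet0/0
 switchport private-vlan host-association 10 3
interface GigabitEthernet0/1
 switchport private-vlan mapping 10 3,21
interface GigabitEthernet0/2
 switchport private-vlan mapping 10 3,11
interface GigabitEthernet0/3
 switchport private-vlan host-association 10 21
interface GigabitEthernet1/0
 switchport private-vlan host-association 10 11
"""


def parse_pvlan_ports(config):
    """Return hosts {port: (primary, secondary)} and promiscuous {port: (primary, {secondaries})}."""
    hosts, promiscuous, port = {}, {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            port = m.group(1)
        elif m := re.match(r"switchport private-vlan host-association (\d+) (\d+)$", line):
            hosts[port] = (int(m.group(1)), int(m.group(2)))
        elif m := re.match(r"switchport private-vlan mapping (\d+) ([\d,]+)$", line):
            promiscuous[port] = (int(m.group(1)), {int(v) for v in m.group(2).split(",")})
    return hosts, promiscuous


def unmapped_pairs(config):
    """List (promiscuous port, host port, secondary VLAN) where the mapping omits the host's VLAN."""
    hosts, promiscuous = parse_pvlan_ports(config)
    pairs = []
    for pport, (pprimary, mapped) in sorted(promiscuous.items()):
        for hport, (hprimary, secondary) in sorted(hosts.items()):
            if hprimary == pprimary and secondary not in mapped:
                pairs.append((pport, hport, secondary))
    return pairs


if __name__ == "__main__":
    for pport, hport, vlan in unmapped_pairs(POSTED_CONFIG):
        print(f"{pport} is not mapped to VLAN {vlan}; test isolation against {hport}")
```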

Hello

Duplicate post - here


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community's global network.

Kind Regards
Paul