Private VLAN Promiscuous Ports Able to Ping Ports Outside of Mapping

Hello,

I am running into an issue using private VLANs on a Cisco Catalyst 3650 running the latest iOS 12 (Gibraltar) release. I have a private VLAN set up, and promiscuous ports in the primary VLAN are able to ping machines outside of their VLAN mapping. Is this the expected behavior in a private VLAN, or is there something wrong with my configuration?

Thanks for any feedback!

Current running configuration (Promiscuous Port 1 is able to ping ports in VLAN 11 even though it is not mapped to VLAN 11)

Switch#sh vlan private

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
10      3         isolated          Gi0/0, Gi0/1, Gi0/2
10      11        community         Gi0/2, Gi1/0
10      21        community         Gi0/1, Gi0/3
vlan 3
  private-vlan isolated
!
vlan 10
  private-vlan primary
  private-vlan association 3,11,21
!
vlan 11
  private-vlan community
!
vlan 21
  private-vlan community
!

!
interface GigabitEthernet0/0
 switchport private-vlan host-association 10 3
 switchport mode private-vlan host
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport private-vlan mapping 10 3,21
 switchport mode private-vlan promiscuous
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 switchport private-vlan mapping 10 3,11
 switchport mode private-vlan promiscuous
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/3
 switchport private-vlan host-association 10 21
 switchport mode private-vlan host
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/0
 switchport private-vlan host-association 10 11
 switchport mode private-vlan host
 media-type rj45
 negotiation auto
!
Switch#sh int status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/0                        connected    10,3       a-full   auto RJ45
Gi0/1                        connected    10         a-full   auto RJ45
Gi0/2                        connected    10         a-full   auto RJ45
Gi0/3                        connected    10,21      a-full   auto RJ45
Gi1/0                        connected    10,11      a-full   auto RJ45
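
An added example, not part of the original post and not Cisco tooling: Python that parses the interface stanzas posted above and lists, for each promiscuous port, the host ports whose secondary VLAN is missing from that port's mapping. These are the port pairs to test when checking the isolation the post asks about. The function names are hypothetical.

```python
import re

# Interface stanzas copied from the post (media-type/negotiation lines omitted).
CONFIG = """\
interface GigabitEthernet0/0
 switchport private-vlan host-association 10 3
 switchport mode private-vlan host
interface GigabitEthernet0/1
 switchport private-vlan mapping 10 3,21
 switchport mode private-vlan promiscuous
interface GigabitEthernet0/2
 switchport private-vlan mapping 10 3,11
 switchport mode private-vlan promiscuous
interface GigabitEthernet0/3
 switchport private-vlan host-association 10 21
 switchport mode private-vlan host
interface GigabitEthernet1/0
 switchport private-vlan host-association 10 11
 switchport mode private-vlan host
"""

def parse_pvlan(config):
    """Return (hosts, promisc): port -> (primary, secondary) and port -> (primary, {secondaries})."""
    hosts, promisc, port = {}, {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            port = m.group(1)
        elif m := re.match(r"switchport private-vlan host-association (\d+) (\d+)$", line):
            hosts[port] = (int(m.group(1)), int(m.group(2)))
        elif m := re.match(r"switchport private-vlan mapping (\d+) ([\d,]+)$", line):
            promisc[port] = (int(m.group(1)), {int(v) for v in m.group(2).split(",")})
    return hosts, promisc

def unmapped_hosts(config):
    """For each promiscuous port, list (host port, secondary VLAN) pairs that share
    its primary VLAN but whose secondary VLAN is absent from the port's mapping."""
    hosts, promisc = parse_pvlan(config)
    return {
        pport: sorted((hport, sec) for hport, (hprim, sec) in hosts.items()
                      if hprim == primary and sec not in mapped)
        for pport, (primary, mapped) in promisc.items()}

if __name__ == "__main__":
    for pport, pairs in unmapped_hosts(CONFIG).items():
        for hport, sec in pairs:
            print(f"{pport} is not mapped to VLAN {sec}: verify traffic to {hport}")
```
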
1 REPLY 1
VIP Mentor

Hello

Duplicate post - here



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future