Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
444
Views
0
Helpful
1
Replies

Private VLAN Promiscuous Ports Able to Ping Ports Outside of Mapping

TylerPereira9835
Level 1
Level 1

ā€Ž06-11-2020 11:12 AM

Hello,

I am running into an issue using Private Vlans on a Cisco Catalyst 3650 running the latest iOS 12 (Gibraltar) release. I have  private vlan setup and promiscuous ports in the primary vlan are able to ping machines outside of their vlan mapping. Is this the expected behavior in a private vlan or is their something wrong with my configuration? 

 

Thanks for any feedback!

 

Current running configuration (Promiscuous Port 1 is able to ping ports in VLAN 11 even though it is not mapped to VLAN 11)

Switch#sh vlan private

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
10      3         isolated          Gi0/0, Gi0/1, Gi0/2
10      11        community         Gi0/2, Gi1/0
10      21        community         Gi0/1, Gi0/3
vlan 3
  private-vlan isolated
!
vlan 10
  private-vlan primary
  private-vlan association 3,11,21
!
vlan 11
  private-vlan community
!
vlan 21
  private-vlan community
!

!
interface GigabitEthernet0/0
 switchport private-vlan host-association 10 3
 switchport mode private-vlan host
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport private-vlan mapping 10 3,21
 switchport mode private-vlan promiscuous
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 switchport private-vlan mapping 10 3,11
 switchport mode private-vlan promiscuous
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/3
 switchport private-vlan host-association 10 21
 switchport mode private-vlan host
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/0
 switchport private-vlan host-association 10 11
 switchport mode private-vlan host
 media-type rj45
 negotiation auto
!
Switch#sh int status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/0                        connected    10,3       a-full   auto RJ45
Gi0/1                        connected    10         a-full   auto RJ45
Gi0/2                        connected    10         a-full   auto RJ45
Gi0/3                        connected    10,21      a-full   auto RJ45
Gi1/0                        connected    10,11      a-full   auto RJ45
Labels:
0 Helpful
1 Reply 1

paul driver
VIP
VIP

ā€Ž06-11-2020 01:08 PM

Hello

Duplicate post - here


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the communityā€™s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card