
Private vlan SVI routing

Liad Dayan
Level 1

Hi guys,

I have a question:

I have a topology that goes:

Host -> SwitchA -> SwitchB (Layer 3) -> CORE NETWORK -> ISP

The host wants to reach the CORE network, but for some reason it can't.

The host can ping the SwitchB SVI interface (which is configured as the default gateway),

but it can't go out to the CORE network.

Between SwitchB and the CORE NETWORK we have an IGP that routes the subnets. The CORE networks can reach the SwitchB SVI but can't reach the HOST.

Furthermore, when I open Wireshark on HostA I can see that the ICMP from the CORE NETWORK gets received and sent back,

but the CORE NETWORK didn't receive the reply.

Does anyone have any idea?

Now, the host port is configured as follows (at host A):

vlan 1135 - primary
vlan 2135 - secondary (isolated)

interface gigabitethernet x/x
description "Connect to host X"
switchport mode private-vlan host
switchport private-vlan host-association 1135 2135
!
interface port-channel x
description "Connect to SwitchB"
switchport
switchport mode trunk
!

SwitchB configuration:

interface port-channel x
description "Connect to SwitchA"
switchport
switchport mode trunk
interface vlan 1135
ip address x.x.x.x/24
private-vlan mapping 2135
!
interface vlan 20
description "OSPF TO CORE"
ip address x.x.x.x/30
ip ospf 1 area 0.0.0.0
!


dukenuk96
Level 3

Please make your question clearer - show the full network diagram and all configs. From your partial configs it is impossible to determine how the devices are interconnected and what address you are trying to ping.

Hi,

I will try to explain my problem:

I have an L3 switch that has a PRIVATE VLAN on it.

I want this L3 switch to route traffic to and from that PRIVATE VLAN.

Here is the configuration on the L3 switch:

CISCO#show vlan private-vlan

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1135    2135      isolated

!

CISCO#show interface private-vlan mapp
Interface Secondary VLAN Type
--------- -------------- -----------------
vlan1135  2135           isolated

!

interface Vlan1135
vrf forwarding SLIMM
ip address 132.76.27.254 255.255.255.128
ip ospf 4 area 1
private-vlan mapping 2135

!

For the L3 interconnect to the CORE network I have a different interface:

interface Vlan831
mtu 9170
vrf forwarding SLIMM
ip address 172.17.204.26 255.255.255.252
ip ospf network point-to-point
ip ospf hello-interval 1
ip ospf 4 area 1
!

Here is the output of show ip route on that VRF:

CISCO#show ip route vrf SLIMM

O*IA  0.0.0.0/0 [110/2] via 172.17.204.25, 2w3d, Vlan831
      132.76.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        132.76.27.128/25 is directly connected, Vlan1135
L        132.76.27.254/32 is directly connected, Vlan1135
      172.17.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.17.204.24/30 is directly connected, Vlan831
L        172.17.204.26/32 is directly connected, Vlan831

Now, to the problem:

All devices that are in VLAN 2135 CAN ping the default gateway, but they CAN'T ping interfaces in the CORE network.

When I put Wireshark on one of the PCs connected to the PVLAN, I am able to see the ICMP request from the CORE interface and the ICMP reply to the IP interface, but for some reason it gets dropped in the middle.

I have uploaded a simple network topology for your understanding.

Does anyone have any idea?

Regards,
