Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
324
Views
0
Helpful
4
Replies

private-vlan vrrp

Nader ibrahimi
Level 1
Level 1

‎01-24-2025 02:38 AM

Naderibrahimi_0-1737714417933.png

hello to everyone hope u all fine and wil:

I have trouble with configuration of  private vlan and FHRP ( VRRP ) with multiple vlans.

if i create private-vlans in access-layer and add member as shown so then i trunk the Access-layer Switches toward DLS so which port should i change mode to promiscuous ?

and also in which interface i have to set ip address while private-vlan community cant take ip address?

what is the entire configuration for this topology ?

Labels:
0 Helpful
4 Replies 4

M02@rt37
VIP
VIP

‎01-24-2025 05:30 AM

Hello @Nader ibrahimi 

To implement PVLANs, the access-layer switches should have ports assigned to secondary VLANs (community or isolated) based on device requirements. Trunk ports between the access layer and the distribution layer switches should allow both the primary VLAN and the associated secondary VLANs. On the distribution layer switches, promiscuous ports are configured for the primary VLAN, and the gateway IP address is assigned to these ports. VRRP should also be configured on these promiscuous ports within the primary VLAN to provide redundancy. The VRRP virtual IP serves as the default gateway for hosts in the primary VLAN, ensuring failover capability between distribution devices. In this setup, the access-layer switches do not require an IP configuration for PVLANs, as routing and gateway functionalities are handled at the DLS level.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Nader ibrahimi
Level 1
Level 1
In response to M02@rt37

‎01-24-2025 06:12 AM

When I created private vlan primary and secondary  so whenever I try to assigne ip address in secondry vlan the won't accept that cause its only possible   in primary to assign ip so how can I give the ip and than group the routers for vrrp 

0 Helpful

vishalbhandari
Spotlight
Spotlight

‎01-24-2025 06:38 PM

@Nader ibrahimi 

To configure private VLANs and VRRP with multiple VLANs, the trunk port between the access-layer switches and the distribution layer switches (DLS) should not be set as promiscuous mode; instead, only the interface connecting the router or VRRP device at the DLS needs to be configured as promiscuous. The IP address for the private VLAN should be assigned to the primary VLAN on the DLS interface in promiscuous mode, as community VLANs themselves do not take IP addresses. For your topology, you’ll need to:

  1. Define private VLANs (primary, isolated, and community) on the switches.
  2. Map the secondary VLANs to the primary VLAN.
  3. Configure trunk ports on the access-layer switches toward the DLS.
  4. Set the IP address and VRRP on the DLS interface configured as promiscuous for the primary VLAN.
0 Helpful

Nader ibrahimi
Level 1
Level 1
In response to vishalbhandari

‎01-24-2025 08:42 PM

first thanks for giving response :

Naderibrahimi_0-1737779876096.png

should i assign the ip addresses  to these interfaces as i highlight  them ?

if i assign the ip address in these interfaces actually we limit one interface for only one vlan.

 

 

0 Helpful
Customers Also Viewed These Support Documents