08-31-2019 08:01 AM
Hello Guys,
I'm trying to configure private VLANs in my lab using Nexus 9000 and GNS3. I have two primary VLANs associated with two secondary VLANs, connected to a router that is configured as a router on a stick. The Nexus is connected to the router via an interface configured as trunk promiscuous. The issue is that this port is always "inactive".
Any advice, please?
Below is the configuration:
vlan 10
  private-vlan primary
  private-vlan association 100
vlan 100
  private-vlan isolated
interface Ethernet1/1
  switchport mode private-vlan host
  switchport private-vlan host-association 10 100
interface Ethernet1/2
  switchport mode private-vlan host
  switchport private-vlan host-association 10 100
interface Ethernet1/3
  switchport mode private-vlan trunk promiscuous
  switchport private-vlan trunk allowed vlan 1-3967
  switchport private-vlan mapping trunk 10 100
08-31-2019 10:37 PM
09-01-2019 09:32 AM
Hello abimadaro4462,
The port connecting to the router should be an access port in primary VLAN 100.
The switchport mode private-vlan trunk promiscuous command is to be used between two switches that have to share and use the same set of primary and secondary VLANs.
From the router's point of view, private VLANs do not exist, only one IP subnet associated with the primary VLAN.
Try again with a different configuration for the port to the router as suggested above.
Hope to help
Giuseppe
09-03-2019 12:45 PM
Thanks for your reply. I have changed the configuration but it is still not working. Actually, since I have more than one primary VLAN, the port connected to the router should be a trunk. I have tried to configure it as a normal trunk and I also tried the access one, but no luck: the host is still not able to ping the router.
Any advice, please?
12-02-2019 08:42 AM
Hi,
I was passing by, searching for an answer about promiscuous ports, but your issue does not have any relationship with promiscuous ports. You can keep the Nexus interface connected to the router as it is, but configure tags (on sub-interfaces) on the router so it can understand the tags when it receives frames from the Nexus. Without the dot1q command under a router's sub-interface, the router will not get the tagged frames.
Regards
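An offline check of the two points this thread turns on, added here as an example (it is not code from any poster or from Cisco): every secondary VLAN used on a port must be associated with its primary VLAN, and every primary VLAN mapped on the promiscuous trunk needs a router sub-interface carrying the same dot1Q tag. It assumes frames leave the promiscuous trunk tagged with the primary VLAN ID and handles comma-separated VLAN lists only; the router snippet, its interface name and its address are constructed.

```python
import re
# Switch config abridged from the first post (NX-OS), indented for parsing.
SWITCH_CFG = """\
vlan 10
  private-vlan primary
  private-vlan association 100
vlan 100
  private-vlan isolated
interface Ethernet1/1
  switchport mode private-vlan host
  switchport private-vlan host-association 10 100
interface Ethernet1/3
  switchport mode private-vlan trunk promiscuous
  switchport private-vlan mapping trunk 10 100
"""
# Constructed router side: sub-interface name and address are placeholders.
ROUTER_CFG = "interface GigabitEthernet0/0.10\n ip address 192.0.2.1 255.255.255.0\n"

def sections(cfg):
    """Map each unindented header line to its indented sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.strip() and not line[0].isspace():
            cur = out.setdefault(line.strip(), [])
        elif line.strip() and cur is not None:
            cur.append(line.strip())
    return out

def check(switch_cfg, router_cfg):
    """Return a list of findings; an empty list means both checks passed."""
    sw, assoc, findings = sections(switch_cfg), {}, []
    for hdr, cmds in sw.items():  # primary VLAN -> declared secondaries
        vlan = re.fullmatch(r"vlan (\d+)", hdr)
        for c in cmds if vlan and "private-vlan primary" in cmds else []:
            if (a := re.fullmatch(r"private-vlan association ([\d,]+)", c)):
                assoc.setdefault(vlan.group(1), set()).update(a.group(1).split(","))
    tags = set(re.findall(r"encapsulation dot1q (\d+)", router_cfg, re.I))
    for hdr, cmds in sw.items():
        for c in cmds:
            if not (m := re.fullmatch(r"switchport private-vlan (host-association|mapping trunk) (\d+) ([\d,]+)", c)):
                continue
            kind, pri, secs = m.group(1), m.group(2), set(m.group(3).split(","))
            for sec in sorted(secs - assoc.get(pri, set())):
                findings.append(f"{hdr}: secondary {sec} not associated with primary {pri}")
            if kind == "mapping trunk" and pri not in tags:
                findings.append(f"{hdr}: no router sub-interface with dot1Q tag {pri}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SWITCH_CFG, ROUTER_CFG)) or "no findings")
```

Run against the configs above, it reports only the missing dot1Q tag for primary VLAN 10 on the router side.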