Re: Problem with private VLAN on Cat6509(CatOs)

Mikhail.Galiulin · ‎11-17-2006

Hi,

I have following problem:

I configured LAN segment that we are using to take backups from servers as isolated private VLAN. Backup server itself connected to the VLANs promicuous port so all the servers normally have access to it. For a month ago right after all servers (including the backup server) were patched with Windows service packs/updates the backup server loosed connectivity with all the servers on isolated VLAN. The same situation we got yesterday - after servers upgrade the backup server loose connectivity with servers in the isolated VLAN again.

I've found the following workaround to restore connectivity - to configure new promiscuous port and then connect the backup server to the new one. After deleting and recreating old port as promiscuous it is possible to connect server back to the old port.

I tried to mirror server port and then ping servers on the isolated VLAN. The interesting thing is that I can see ARP request broadcasted from the backup server and the ansver on ARP request, but MAC-address never appears in the backup servers ARP table. Then I tried to connect direct to another promiscuous port and see the traffic there - in this case I never got answer on the ARP request I sent from my computer...

The switch is Catalyst 6509 with CatOS 7.6. The server is SunFire X4200 with two Intel PRO 1000/MT Dual port adapters (only one port connected to the VLAN, other ports connected to other VLANS). Operating system is Windows 2003.

Any ideas?

//Mikhail Galiulin

aghaznavi · ‎11-24-2006

You can delete a private VLAN by deleting the primary VLAN. If you delete a primary VLAN, all bindings to the primary VLAN are broken, all ports in the private VLAN become inactive, and any related mappings on the promiscuous port(s) are deleted.Refer URL http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/confg_gd/vlans.htm#wp1075606