PVLAN through multiple L2 devices DHCP issue

Darryl Hardy · ‎11-11-2016

I'm trying to implement an isolated PVLAN for our VDI environment (VM environment utilizes C-series chasses and a single HA 1000v). I've got it working out to where, when assigned a static IP, network traffic flows as expected. However, I can't get DHCP leases working. The DHCP server is another VM on a different VLAN, and is pingable when the VDI is statically IPd.

I've tried a couple of different setups, and can't get the DHCP working. I've attached a topology diagram and the relevant switch configs below.

3750x

vlan 240
 name VDI_Standard
  private-vlan primary
  private-vlan association 241

vlan 241
 name VDI_Standard_Isolate
  private-vlan isolated

interface Vlan240
 ip address 10.253.240.1 255.255.240.0
 ip helper-address 192.168.0.10
 private-vlan mapping 241

interface GigabitEthernet2/0/15
 description *** Promiscuous Port for VDI_Standard_Isolated - DO NOT USE FOR PHYSICAL CONNECTION ***
 switchport private-vlan mapping 240 241
 switchport mode private-vlan promiscuous

interface Port-channel1
 description ** Link to 5010 **
 switchport trunk encapsulation dot1q
 switchport mode trunk

5510

vlan 240
  name VDI_Standard
  private-vlan primary
  private-vlan association 241

vlan 241
  name VDI_Standard_Isolated
  private-vlan isolated

interface port-channel1
  description ** Link to 3750x **
  switchport mode trunk

interface port-channel2
  description ** Link to 5548s **
  switchport mode trunk
  switchport trunk allowed vlan 240-241,<others>
  spanning-tree port type network

5548 (only one due to mirrored config)

vlan 240
  name VDI_Standard
  private-vlan primary
  private-vlan association 241

vlan 241
  name VDI_Standard_Isolated
  private-vlan isolated

interface port-channel1
  description To Customer Switch #1
  switchport mode trunk
  switchport trunk allowed vlan 240-241,<others>
  spanning-tree port type network
  speed 10000
  vpc 1

interface port-channel50
  description To 5548-B
  switchport mode trunk
  switchport trunk allowed vlan 240-241,<others>
  spanning-tree port type network
  speed 10000
  vpc peer-link

interface port-channel101
  description To UCS FI-A
  switchport mode trunk
  switchport trunk allowed vlan 240-241,<others>
  spanning-tree port type edge trunk
  speed 10000
  vpc 101

interface port-channel102
  description To UCS FI-B
  switchport mode trunk
  switchport trunk allowed vlan 240-241,<others>
  spanning-tree port type edge trunk
  speed 10000
  vpc 102

1000v

vlan 240
  name VDI_Standard
  private-vlan primary
  private-vlan association 241

vlan 241
  name VDI_Standard_Isolated
  private-vlan isolated

port-profile type ethernet DATA-UPLINK to UCS FI  
  switchport mode trunk
  switchport trunk allowed vlan 240-241,<others>
  pinning control-vlan 0
  pinning packet-vlan 0
  mtu 9000
  channel-group auto mode on mac-pinning
  no shutdown
  system vlan 75-76,79,85-86
  state enabled
  vmware port-group

port-profile type vethernet VDI_Standard_Isolated
  switchport mode private-vlan host
  switchport private-vlan host-association 240 241
  no shutdown
  max-ports 120
  state enabled
  vmware port-group

PVLAN through multiple L2 devices DHCP issue

Ataques L2 - Arp spoofing

Catalyst9000 : EVPN VXLAN L2 Overlay ( underlay multicast )設定

Memory issue summary

Multiple Spanning-Tree (MST) - Configuração e Troubleshoot.

L2 connectivity issue