Solved: Re: Unable to reach outside router after PVLAN configuration

jaismith · ‎05-17-2022

I am studying for my CCNP using CML and setting up a simple network lab with pvlan configured. The pvlan is working correctly inside the LAN but the PCs are unable to communicate outside of the L3 switch. It's driving me crazy but I'm sure the solution is simple. Here is the config

L3 Switch:

vlan 10
name primary
private-vlan primary
private-vlan association 20,30,40
!
vlan 20
name comm a
private-vlan community
!
vlan 30
name comm b
private-vlan community
!
vlan 40
name server
private-vlan isolated
no cdp run

!

interface GigabitEthernet0/0
switchport trunk encapsulation dot1q
switchport private-vlan mapping 10 20,30,40
switchport private-vlan trunk native vlan 10
switchport private-vlan trunk allowed vlan 10,20,30,40
switchport mode trunk
negotiation auto
no cdp enable
!
interface GigabitEthernet0/1
switchport private-vlan host-association 10 40
switchport mode private-vlan host
negotiation auto
no cdp enable
!
interface GigabitEthernet0/2
switchport private-vlan host-association 10 40
switchport mode private-vlan host
negotiation auto
no cdp enable
!
interface GigabitEthernet0/3
switchport private-vlan host-association 10 40
switchport mode private-vlan host
negotiation auto
no cdp enable
!
interface GigabitEthernet1/0
switchport private-vlan host-association 10 20
switchport mode private-vlan host
negotiation auto
no cdp enable
!
interface GigabitEthernet1/1
switchport private-vlan host-association 10 20
switchport mode private-vlan host
negotiation auto
no cdp enable
!
interface GigabitEthernet1/2
switchport private-vlan host-association 10 20
switchport mode private-vlan host
negotiation auto
no cdp enable
!
interface GigabitEthernet1/3
switchport private-vlan host-association 10 20
switchport mode private-vlan host
negotiation auto
no cdp enable
!
interface GigabitEthernet2/0
switchport private-vlan host-association 10 30
switchport mode private-vlan host
negotiation auto
no cdp enable
!
interface GigabitEthernet2/1
switchport private-vlan host-association 10 30
switchport mode private-vlan host
negotiation auto
no cdp enable
!
interface GigabitEthernet2/2
switchport private-vlan host-association 10 30
switchport mode private-vlan host
negotiation auto
no cdp enable
!
interface GigabitEthernet2/3
switchport private-vlan host-association 10 30
switchport mode private-vlan host
negotiation auto
no cdp enable
!

interface Vlan10
ip address 10.1.1.1 255.255.255.0
private-vlan mapping 20,30,40

Switchport on trunk int

HO-Access#show int gi0/0 switchport
Name: Gi0/0
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 10 (primary) 20 (comm a) 30 (comm b) 40 (server)
Administrative private-vlan trunk native VLAN: 10
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: 10,20,30,40
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Appliance trust: none
HO-Access#

ROAS config on router:

interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 10.1.1.2 255.255.255.0
end

Default gateway information on PC:

HOPC1:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.1.1.1 0.0.0.0 UG 0 0 0 eth0
default 10.1.1.1 0.0.0.0 UG 202 0 0 eth0
10.1.1.0 * 255.255.255.0 U 0 0 0 eth0
HOPC1:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 52:54:00:06:34:7B
inet addr:10.1.1.12 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fe06:347b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:2 overruns:0 frame:0
TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1747 (1.7 KiB) TX bytes:2575 (2.5 KiB)

jaismith · ‎05-17-2022

I figured it out...I over complicated things by adding the SVI. I removed all the config and started from scratch, leaving the switch as L2 and using the gi0/0 as a promiscuous port to the router.

View solution in original post

MHM Cisco World · ‎05-17-2022

promiscuous

Are you config promiscous port? You dont,

You need this port to connect outside

jaismith · ‎05-17-2022

interface gig0/0 on the switch is connected to the router in trunk mode. But I do have it allowing all the private-vlans

switchport private-vlan trunk allowed vlan 10,20,30,40

The interface that is routing the traffic is int vlan 10

interface Vlan10
ip address 10.1.1.1 255.255.255.0
private-vlan mapping 20,30,40

jaismith · ‎05-17-2022

I figured it out...I over complicated things by adding the SVI. I removed all the config and started from scratch, leaving the switch as L2 and using the gi0/0 as a promiscuous port to the router.