Private VLANs on Nexus 2148?

Answered Question
Dec 30th, 2011

hi out there

I have the need for private VLANs in isolated mode to back up some hosts on a secured network. We are using Cisco Nexus 5020 with the FEX 2148 for copper ports - and I tried to implement this setup:

the isolated port:

interface Ethernet100/1/13
  description AccessPorts used for isolated backup net ports
  Switchport mode private-vlan host
  Switchport private-vlan host-association 550 551

and the promiscuous port:

SW5020-02(config-if)# switchport mode private-vlan promiscuous
ERROR: Ethernet101/1/6: requested config change not allowed

SW5020-02(config-if)#

#"¤&%#& - is this another limitation in the FEXes? As far as I can see from the release notes here

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Nexus_5000_Release_Notes.html

The Cisco Nexus 2000 Fabric Extender does not support PVLANs over VLAN trunks used to connect to another switch. The PVLAN trunks are only used on inter-switch links but the FEX ports are only meant to connect to servers. Since it is not a valid configuration to have an isolated secondary VLAN as part of a Fabric Extender port configured as a VLAN trunk, all frames on isolated secondary VLANs are pruned from going out to a FEX.

the "only" limitation should be the trunk option - but as far as I can see from the output from my nexus this is not correct - any suggestions?

We are running NXOS:

Software
  BIOS:      version 1.3.0
  loader:    version N/A
  kickstart: version 4.2(1)N2(1)
  system:    version 4.2(1)N2(1)

Correct Answer by krahmani323 about 2 years 3 months ago

Hello tiwang,

At this time, promiscuous port is not supported on FEX Host interface =>

From the FEX configuration guide :

http://www.cisco.com/en/US/docs/switches/datacenter/nexus2000/sw/configuration/guide/rel_4_0_1a/FEX-features.html#wp1046108

VLANs and Private VLANs

The Fabric Extender supports Layer 2 VLAN trunks and IEEE 802.1Q VLAN encapsulation. Host interfaces can be members of private VLANs with the following restrictions:

• You can configure a host interface as an isolated or community access port only.

• You cannot configure a host interface as a promiscuous port.

• You cannot configure a host interface as a PVLAN trunk port.

Another document indirectly states it =>

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps10110/data_sheet_c78-507093.html

Table 10. Feature Support for the Cisco Nexus 2000 Series

Layer 2 features: Private VLANs (promiscuous only on uplinks) [i.e. not supported on HIF].

================================

FYI those interesting features (promiscuous port - promiscuous trunk - PVLAN over port channel / vPC) are supported on the N5k interfaces.

From NX-OS 5.0(2)N1(1)

Private VLANs over Port Channel and vPC Interfaces

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_2_N1_1/Nexus5000_Release_Notes_5_0_2_N2_1a.html#wp209253

From NX-OS 4.1(3)N1(1)

Private VLANs over Port Channel and vPC Interfaces

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_4_1_3_N1_1/Nexus5000_Release_Notes_4_1_3_N1_1.html#wp185640

================================

Hope that helps.

Kind regards.

Karim
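
An added example, not part of the original thread or Cisco's documentation: an offline check that applies the host-interface restrictions quoted in the answer to a candidate configuration before it is pushed to the switch. It assumes FEX chassis IDs fall in 100-199, so a three-part name such as Ethernet101/1/6 is a FEX host interface; Ethernet1/10 and the sample configuration are constructed for illustration.

```python
import re

# Modes the quoted FEX configuration guide rules out on host interfaces:
# promiscuous ports and PVLAN trunk ports.
FORBIDDEN_ON_HIF = {"promiscuous", "trunk"}

# Assumption: FEX host interfaces are named Ethernet<chassis>/<slot>/<port>
# with a chassis ID in 100-199 (e.g. Ethernet100/1/13, Ethernet101/1/6).
FEX_HIF_RE = re.compile(r"^Ethernet(\d+)/\d+/\d+$", re.I)
MODE_RE = re.compile(r"^switchport\s+mode\s+private-vlan\s+(.+)$", re.I)

# Constructed sample: the isolated host port and the rejected promiscuous
# port from the question, plus a hypothetical native N5k port (Ethernet1/10).
SAMPLE = """\
interface Ethernet100/1/13
  Switchport mode private-vlan host
  Switchport private-vlan host-association 550 551
interface Ethernet101/1/6
  switchport mode private-vlan promiscuous
  switchport private-vlan mapping 550 551
interface Ethernet1/10
  switchport mode private-vlan promiscuous
  switchport private-vlan mapping 550 551
"""

def audit_pvlan(config_text):
    """Return (interface, pvlan_mode, verdict) for each PVLAN port found."""
    findings, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            name = line.split(None, 1)[1]
            m = FEX_HIF_RE.match(name)
            on_fex = bool(m) and 100 <= int(m.group(1)) <= 199
            current = (name, on_fex)
            continue
        m = MODE_RE.match(line)
        if m and current:
            name, on_fex = current
            mode = m.group(1).strip().lower()
            bad = on_fex and FORBIDDEN_ON_HIF & set(mode.split())
            verdict = "unsupported on FEX host interface" if bad else "ok"
            findings.append((name, mode, verdict))
    return findings

if __name__ == "__main__":
    for name, mode, verdict in audit_pvlan(SAMPLE):
        print(f"{name:20} {mode:14} {verdict}")
```
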

krahmani323 Sun, 01/01/2012 - 12:48


This Discussion

Posted December 30, 2011 at 2:55 AM
Tags: vlan, pvlan, nexus, private, fex