ā12-30-2011 02:55 AM - edited ā03-07-2019 04:06 AM
hi out there
I have the need for private vlans in isolated mode to backup some hosts on a secured network. We are using Cisco Nexus 5020 with the fex 2148 for copper-ports - and I tried to implement this setup:
the isolated port:
interface Ethernet100/1/13
description AccessPorts used for isolated backup net ports
Switchport mode private-vlan host
Switchport private-vlan host-association 550 551
and the promiscous port:
SW5020-02(config-if)# switchport mode private-vlan promiscuous
ERROR: Ethernet101/1/6: requested config change not allowed
SW5020-02(config-if)#
#"Ā¤&%#& - is this another limitations in the fex's ? As far as I can see from the reloease notes here
The Cisco Nexus 2000 Fabric Extender does not support PVLANs over VLAN trunks used to connect to another switch. The PVLAN trunks are only used on inter-switch links but the FEX ports are only meant to connect to servers. Since it is not a valid configuration to have an isolated secondary VLAN as part of a Fabric Extender port configured as a VLAN trunk, all frames on isolated secondary VLANs are pruned from going out to a FEX.
the "only" limitation should be the trunk option - but as far as I can see from the output from my nexus this is not correct - any suggestions?
We are running NXOS:
Software
BIOS: version 1.3.0
loader: version N/A
kickstart: version 4.2(1)N2(1)
system: version 4.2(1)N2(1) Software
BIOS: version 1.3.0
loader: version N/A
kickstart: version 4.2(1)N2(1)
system: version 4.2(1)N2(1)
Solved! Go to Solution.
ā01-01-2012 12:48 PM
Hello tiwang,
At this time, promiscuous port is not supported on FEX Host interface =>
From the FEX configuration guide :
VLANs and Private VLANs
The Fabric Extender supports Layer 2 VLAN trunks and IEEE 802.1Q VLAN encapsulation. Host interfaces can be members of private VLANs with the following restrictions:
ā¢ You can configure a host interface as an isolated or community access port only.
ā¢ You cannot configure a host interface as a promiscuous port.
ā¢ You cannot configure a host interface as a PVLAN trunk port.
Another document indirectly states it =>
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps10110/data_sheet_c78-507093.html
Table 10. Feature Support for the Cisco Nexus 2000 Series
Layer 2 features : Private VLANs (promiscuous only on uplinks) [ie not supported on Hif].
================================
FYI those intersting features (promiscuous port - promiscuous trunk ā pvlan over Portchannel / VpC) are supported on the N5k interfaces.
From NX-OS 5.0(2)N1(1)
Private VLANs over Port Channel and vPC Interfaces
From NX-OS 4.1(3)N1(1)
Private VLANs over Port Channel and vPC Interfaces
================================
Hope that helps.
Kind regards.
Karim
ā01-01-2012 12:48 PM
Hello tiwang,
At this time, promiscuous port is not supported on FEX Host interface =>
From the FEX configuration guide :
VLANs and Private VLANs
The Fabric Extender supports Layer 2 VLAN trunks and IEEE 802.1Q VLAN encapsulation. Host interfaces can be members of private VLANs with the following restrictions:
ā¢ You can configure a host interface as an isolated or community access port only.
ā¢ You cannot configure a host interface as a promiscuous port.
ā¢ You cannot configure a host interface as a PVLAN trunk port.
Another document indirectly states it =>
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps10110/data_sheet_c78-507093.html
Table 10. Feature Support for the Cisco Nexus 2000 Series
Layer 2 features : Private VLANs (promiscuous only on uplinks) [ie not supported on Hif].
================================
FYI those intersting features (promiscuous port - promiscuous trunk ā pvlan over Portchannel / VpC) are supported on the N5k interfaces.
From NX-OS 5.0(2)N1(1)
Private VLANs over Port Channel and vPC Interfaces
From NX-OS 4.1(3)N1(1)
Private VLANs over Port Channel and vPC Interfaces
================================
Hope that helps.
Kind regards.
Karim
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: