Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
5395
Views
0
Helpful
1
Replies

Private VLAN's on Nexus 2148 ?

Go to solution
tiwang
Level 3
Level 3

ā€Ž12-30-2011 02:55 AM - edited ā€Ž03-07-2019 04:06 AM

hi out there

I have the need for private vlans in isolated mode to backup some hosts on a secured network. We are using Cisco Nexus 5020 with the fex 2148 for copper-ports  - and I tried to implement this setup:

the isolated port:

interface Ethernet100/1/13

description AccessPorts used for isolated backup net ports

Switchport mode private-vlan host

Switchport private-vlan host-association 550 551

and the promiscous port:

SW5020-02(config-if)# switchport mode private-vlan promiscuous
ERROR: Ethernet101/1/6: requested config change not allowed

SW5020-02(config-if)#

#"Ā¤&%#& - is this another limitations in the fex's ? As far as I can see from the reloease notes here

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Nexus_5000_Release_Notes.html

The Cisco Nexus 2000 Fabric Extender does not support PVLANs over VLAN trunks used to connect to another switch. The PVLAN trunks are only used on inter-switch links but the FEX ports are only meant to connect to servers. Since it is not a valid configuration to have an isolated secondary VLAN as part of a Fabric Extender port configured as a VLAN trunk, all frames on isolated secondary VLANs are pruned from going out to a FEX.

the "only" limitation should be the trunk option - but as far as I can see from the output from my nexus this is not correct - any suggestions?

We are running NXOS:

Software

  BIOS:      version 1.3.0

  loader:    version N/A

  kickstart: version 4.2(1)N2(1)

  system:    version 4.2(1)N2(1) Software
  BIOS:      version 1.3.0
  loader:    version N/A
  kickstart: version 4.2(1)N2(1)
  system:    version 4.2(1)N2(1)

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
krahmani323
Level 3
Level 3

ā€Ž01-01-2012 12:48 PM

Hello tiwang,

At this time, promiscuous port is not supported on FEX Host interface =>

From the FEX configuration guide :

http://www.cisco.com/en/US/docs/switches/datacenter/nexus2000/sw/configuration/guide/rel_4_0_1a/FEX-features.html#wp1046108

VLANs and Private VLANs

The Fabric Extender supports Layer 2 VLAN trunks and IEEE 802.1Q VLAN encapsulation. Host interfaces can be members of private VLANs with the following restrictions:

ā€¢ You can configure a host interface as an isolated or community access port only.

ā€¢ You cannot configure a host interface as a promiscuous port.

ā€¢ You cannot configure a host interface as a PVLAN trunk port.

Another document indirectly states it =>

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps10110/data_sheet_c78-507093.html

Table 10. Feature Support for the Cisco Nexus 2000 Series

Layer 2 features :  Private VLANs (promiscuous only on uplinks)  [ie not supported on Hif].

================================

FYI those intersting features (promiscuous port - promiscuous trunk ā€“ pvlan over Portchannel / VpC) are supported on the N5k interfaces.

From NX-OS 5.0(2)N1(1)

Private VLANs over Port Channel and vPC Interfaces

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_2_N1_1/Nexus5000_Release_Notes_5_0_2_N2_1a.html#wp209253

From NX-OS 4.1(3)N1(1)

Private VLANs over Port Channel and vPC Interfaces

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_4_1_3_N1_1/Nexus5000_Release_Notes_4_1_3_N1_1.html#wp185640

================================

Hope that helps.

Kind regards.

Karim

View solution in original post

0 Helpful
1 Reply 1

Go to solution
krahmani323
Level 3
Level 3

ā€Ž01-01-2012 12:48 PM

Hello tiwang,

At this time, promiscuous port is not supported on FEX Host interface =>

From the FEX configuration guide :

http://www.cisco.com/en/US/docs/switches/datacenter/nexus2000/sw/configuration/guide/rel_4_0_1a/FEX-features.html#wp1046108

VLANs and Private VLANs

The Fabric Extender supports Layer 2 VLAN trunks and IEEE 802.1Q VLAN encapsulation. Host interfaces can be members of private VLANs with the following restrictions:

ā€¢ You can configure a host interface as an isolated or community access port only.

ā€¢ You cannot configure a host interface as a promiscuous port.

ā€¢ You cannot configure a host interface as a PVLAN trunk port.

Another document indirectly states it =>

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps10110/data_sheet_c78-507093.html

Table 10. Feature Support for the Cisco Nexus 2000 Series

Layer 2 features :  Private VLANs (promiscuous only on uplinks)  [ie not supported on Hif].

================================

FYI those intersting features (promiscuous port - promiscuous trunk ā€“ pvlan over Portchannel / VpC) are supported on the N5k interfaces.

From NX-OS 5.0(2)N1(1)

Private VLANs over Port Channel and vPC Interfaces

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_2_N1_1/Nexus5000_Release_Notes_5_0_2_N2_1a.html#wp209253

From NX-OS 4.1(3)N1(1)

Private VLANs over Port Channel and vPC Interfaces

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_4_1_3_N1_1/Nexus5000_Release_Notes_4_1_3_N1_1.html#wp185640

================================

Hope that helps.

Kind regards.

Karim

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card