Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
470
Views
0
Helpful
1
Replies

PVLAN's + Same VLAN multicast Containment - Catalyst 6509/MSFC

jnantel
Level 1
Level 1

‎04-17-2002 04:37 PM - edited ‎03-01-2019 09:21 PM

Well, I really banged my head against the wall on this one. Here is a summary of my problem:

My current architecture is 2 Catalyst 6509 with MSFC for my core, and redundant perimeter routers to the internet. All hosts reside on a Class C we have assigned to us.

Our Elearning project and the Online labs we use require that most hosts on this network be accessible and fully controllable via the internet. With that I limited all hosts using Private VLANS. Here is idea what it looks like

| Cat6509 | <----Trunk -----> | Cat6509 |

Pvlan Pvlan

The PVLANS are trunked between switches and the MSFC on both provide Redundant layer 3 (ala HSRP). This works good.

Problem: Multicasting Ghost images to the before mentioned lab machines would knock all hosts off the network(ghost box was a whopper of a system). Multicast was not being contained.

The obvious solutions: CGMP or IGMP-Snooping, or GMRP(not support by ghost).

Results from CGMP: Ports in the private VLAN were being peeled out of the multicast group even tho hosts were present.

Suspected Cause: The MSFC(multicast router) was telling the switch to peel hosts out of the group that were not on the VLAN it received the IGMP join.

The MSFC did not recognize that the IGMP join came in on a Private VLAN, not the Primary or Parent VLAN(used to carry PVLAN traffic).

I did EVERYTHING I could thing to limit multicast including the port commands(not supported with my 6248 module).

HELP!

Jonathan Nantel CCNP, CCDP

Director - Cisco Department

Advanced Training & Services

Labels:
0 Helpful
1 Reply 1

ciscomoderator
Community Manager
Community Manager

‎05-03-2002 01:10 PM

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

0 Helpful
Customers Also Viewed These Support Documents