Working with a 3750 and pvlans. I cannot route to any pvlan other than the promiscuous port. As far as I can tell I have Layer 3 routing enabled….but then again it’s not working!?!
Basically I’m separating out servers from workstations through pvlans and want to use ACLs for security. With the current setup I have all ip, tcp and icmp traffic allowed to any any but still not working. Cannot ping or RDP to any system outside of their pvlan.
Please help…losing too many brain cells…save the brain cells…..!
Hi Ron, if I understand your problem correctly, you can successfully connect from device to device within (say) vlan 101, but not from vlan 101 to 102 or 103. You're using the same SVI for all of these, so they're all in the same subnet, so you wouldn't be routing between them but switching. I'm pretty sure connectivity is barred between different community vlans so you need to go through an L3 device (SVI) i.e. you need a different SVI for each vlan for the ACLs to filter the traffic, seemingly negating the pvlan requirement.
Thanks for the quick response. You are correct with me being able to access anything within the pvlan community and the promiscuous port. I can also ping the SVI IP from any pvlan but that is the end of the story. From what I understand, when using pvlans SVI needs to be set up in transparent mode and you can only set up for the primary pvlan which propagates to the secondary pvlans....still looking into it further.
"Layer 3 devices communicate with a private VLAN only through the primary VLAN and not through secondary VLANs. Configure Layer 3 VLAN interfaces only for primary VLANs. You cannot configure Layer 3 VLAN interfaces for secondary VLANs"
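
The rule quoted above, laid out as a Catalyst 3750 configuration sketch. This is an added example, not configuration posted by anyone in the thread: VLAN 100 as the primary VLAN, the 10.10.100.0/24 addressing and the port numbers are assumptions, and 101-103 are the community VLANs mentioned in the reply.

```cisco
! Constructed example. Assumed: primary VLAN 100, subnet 10.10.100.0/24, port numbers.
! Private VLANs on this platform require VTP transparent mode.
vtp mode transparent
!
! Secondary (community) VLANs named in the thread
vlan 101
 private-vlan community
vlan 102
 private-vlan community
vlan 103
 private-vlan community
!
! Primary VLAN, associated with its secondaries
vlan 100
 private-vlan primary
 private-vlan association 101-103
!
! The only Layer 3 interface: it belongs to the primary VLAN,
! and the secondaries are mapped onto it. No SVI exists for 101-103.
interface Vlan100
 ip address 10.10.100.1 255.255.255.0
 private-vlan mapping 101-103
!
! Host port placed in community VLAN 101
interface GigabitEthernet1/0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Promiscuous port, reachable from every secondary VLAN
interface GigabitEthernet1/0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101-103
```

`show vlan private-vlan` and `show interfaces private-vlan mapping` confirm the association and the SVI mapping.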