PVLAN's + Same VLAN multicast Containment - Catalyst 6509/MSFC
Well, I really banged my head against the wall on this one. Here is a summary of my problem:
My current architecture is 2 Catalyst 6509 with MSFC for my core, and redundant perimeter routers to the internet. All hosts reside on a Class C we have assigned to us.
Our E-learning project and the online labs we use require that most hosts on this network be accessible and fully controllable via the internet. With that, I limited all hosts using private VLANs. Here is an idea of what it looks like:
| Cat6509 | <----Trunk -----> | Cat6509 |
The PVLANs are trunked between switches and the MSFCs on both provide redundant Layer 3 (a la HSRP). This works well.
Problem: Multicasting Ghost images to the aforementioned lab machines would knock all hosts off the network (the Ghost box was a whopper of a system). Multicast was not being contained.
The obvious solutions: CGMP or IGMP snooping, or GMRP (not supported by Ghost).
Results from CGMP: Ports in the private VLAN were being peeled out of the multicast group even though hosts were present.
Suspected cause: The MSFC (multicast router) was telling the switch to peel hosts out of the group that were not on the VLAN on which it received the IGMP join.
The MSFC did not recognize that the IGMP join came in on a private VLAN, not the primary or parent VLAN (used to carry PVLAN traffic).
I did EVERYTHING I could think of to limit multicast, including the port commands (not supported with my 6248 module).
Re: PVLAN's + Same VLAN multicast Containment - Catalyst 6509/MS
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.