Cisco Switching/Routing :: ME 4900 Private VLAN Config
Feb 9, 2012
We need to connect several DSLAMs on the 4900 switch, every DSLAM has 4 VLANs configured (VOIP service, MGMT, ADSL Private, ADSL Public), and sends the traffic for each service tagged with appropriate VLAN id according to the table:
VOIP: 608
MGMT: 594
ADSL PRIVATE: 2900
ADSL PUBLIC: 2930
On the DSLAM side it is very simple configuration, just a normal trunk with 4 VLANs transversing the link. On the 4900 I need to isolate the traffic for ADSL PRIVATE & PUBLIC service so DSLAMs connected to the same switch do not have L2 connectivity between them. For VOIP and MGMT they must communicate with each other. DSLAM acts also as a VOIP GW so it must communicate with other DSLAMs for VOIP service. Also VLAN 200 is configured on ME 4900 for switch management traffic.
This 4900 Switch connects to MPLS PE router, which offers L3 VPN service for VOIP & MGMT service, and L2 VPN for ADSL service (PPPoE traffic to BRAS). Fortunately we have ES+ linecard to support many ethernet features. I tried this config:
1) VOIP, DSLAM-MGMT, MPLS-MGMT configured as normal VLANs
2) ADSL PUBLIC & PRIVATE configured as isolated secondary VLANs, primary VLAN for ADSL PRIVATE is 2008, for PUBLIC 2308
3) Configure DSLAM facing ports on ME 4900 as private-vlan trunks
4) Configure ME 4900 uplink port to MPLS PE as a private-vlan promiscous trunk
5) Configure ethernet services on MPLS PE for each tag that comes from ME 4900 (ES+ cards are awesome, i love them:D )
6) Apply L3 VPN service for VOIP and DSLAM-MGMT, and L2 VPN for ADSL service.
But at least this last command should list on spanning tree forwarding state also the ADSL VLANs or not?
Here is the output of the show interface switchport.
View 1 Replies
ADVERTISEMENT
Mar 23, 2012
we got a dark fiber betwwen two sites away from each other 30 Km,i need to connect this sites acts as backup dc to main dc in main site using cisco 4900 Switches in BK-DC anf 6513 in the main site,how can i verfiy if this fiber oparates as L2 and i can extend vlan servers,is it via "sh cdp neigh" and "sh vlan br"?
View 2 Replies
View Related
Jan 24, 2012
At present we are having a 4900 series switch where we are running one monitor session.Additionaly we are in need of capturing VLAN traffic and set the destination to 2 * GE ports , both are in the same switch.Due to the limitation of two monitor sessions per switch , we thought of putting the destination ports as port channel but it looks like it is not supported.
View 1 Replies
View Related
Jun 13, 2012
I just installed a N1K (with code 4.2(1)SV1(4a)) and I was trying to setup a private vlan.
Example:
vlan 300
name PRI-VLAN
private-vlan primary
[Code]....
I upgraded another n1k (that already had pvlan configured) to this version of code and it has the private vlan option. This was just installed yesterday so I don't have the license on it yet.
View 4 Replies
View Related
Jan 15, 2013
Why I got below error message when config Private VLAN?
Error: while enabling/disabling service: private-vlan, err: Private-vlan is not allowed in F2 VDC (0x40e4005d)
View 2 Replies
View Related
Mar 13, 2013
I have 2960 cisco switch. I want to configure private vlan. But it is not getting configured in cisco 2960. Is there any other way to configure that in switch.
View 1 Replies
View Related
Dec 29, 2011
I have the need for private vlans in isolated mode to backup some hosts on a secured network. We are using Cisco Nexus 5020 with the fex 2148 for copper-ports - and I tried to implement this setup: [code]
The Cisco Nexus 2000 Fabric Extender does not support PVLANs over VLAN trunks used to connect to another switch. The PVLAN trunks are only used on inter-switch links but the FEX ports are only meant to connect to servers. Since it is not a valid configuration to have an isolated secondary VLAN as part of a Fabric Extender port configured as a VLAN trunk, all frames on isolated secondary VLANs are pruned from going out to a FEX.
the "only" limitation should be the trunk option - but as far as I can see from the output from my nexus this is not correct .We are running NXOS: [code]
View 1 Replies
View Related
Dec 10, 2012
know if Private Vlans are supported on the Cisco 4900m switch when set in VTP version 3 and VTP disabled?Most documents just specify VTY transparent mode without mentioning the version, trying not to assume since this is production.
View 1 Replies
View Related
Jan 1, 2012
I have a Cisco 3750 with private VLANS configured.. VLAN 2 is the "primary", VLAN 3 is "isolated" and VLAN 4 is "community". This is all working correctly, however I now have the need to another VLAN called "production". I need the production VLAN to be able to reach all the private VLAN hosts (community and Isolated), and vice versa
View 2 Replies
View Related
Apr 14, 2011
Having problem pinging from Host A on ESX1 to Host B on ESX2. Each host are assigned the same port-profile. If I put 2 host's on the same ESX machine using the same port-profile, they are able to ping each other.
n1kv-vsm# sh port-profile name xxx-prod-40port-profile xxx-prod-40 description: type: vethernet status: enabled capability l3control: no pinning control-vlan: - pinning packet-vlan: - system vlans: 1 port-group: xxxl-prod-40 max ports: 32 inherit: config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown evaluated config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown assigned interfaces: Vethernet3 Vethernet4
System-uplink profile is trunking all vlans.
View 2 Replies
View Related
Dec 17, 2012
Is it possible to assign 2 ports to a vlan on this switch and have the 2 machines connected to those ports be able to see each other without having to go off of the switch? If so, how would it need to be setup on the switch?
View 4 Replies
View Related
Dec 12, 2012
We have a 24 port and 48 port 3560 E switches with identical IOS the 48 port switch supports private vlan while 24 port switch doesnt
configure private vlans on 24 ports 3560e and is it best practise to configure private vlan on this platform(3560)?
IOS version : C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
flash:/c3560e-universalk9-mz.122-55.SE3/c3560e-universalk9-mz.122-55.SE3.bin
View 3 Replies
View Related
Jan 11, 2012
I have defined a trunk between a nexus 5k and cat 3750 as a pvlan trunk - now I would like to add redundance and performance and tried to establish a vpc between my par of nexus's and the 3750 stack - but the nexus tell me that the port-channel doesn't support pvlan's - and then - ehh - do I get any benefits of running the trunk as a pvlan trunk at all?
interface Ethernet1/4
switchport mode trunk
speed 1000
switchport private-vlan trunk allowed vlan 550-552
switchport private-vlan mapping trunk 550 551-552
[code]...
View 5 Replies
View Related
Jul 28, 2012
I was trying to configure an SF 300-24 for use in my home and obviously did something dumb. It was working fine. The f/w was updated and I had configured 2 VLANs. VLAN2 was ports 1-6+GE1 for IPTV streaming and VLAN3 was ports 7-24+GE2 and GE3 for the rest of my LAN. I was plugged into GE4 and was configuring the switch with a laptop. GE4 was the only port still on the default VLAN1. I chaged the default VLAN to VLAN3, which forced a reboot and the switch never came back up. Attached is what I see when I connect to the console port: [code]
I can't access to GUI using it's static IP or it's default IP on any port and the console never reaches the point where I can log in. The System light is flashing green but the boot sequence never progresses past what's in the screen shot. I tried to do a hard reset using the recessed button on the front panel but it does not seem to have any effect, no matter how long I hold it down.
View 5 Replies
View Related
Mar 2, 2013
I am seeing Native VLAN mismatch errors on my 6506 switches as below [code] Will it(VTP Version mismatch) be the issue for getting the VLAN Mismatch Error ?
View 10 Replies
View Related
Dec 7, 2011
i have a Catalyst 2960S since 2 days. I am a new user, i like to configure the switch! my first problem is: i have 2 v LAN vlan1/24 and vlan200/24. I'd like to config port1 to be tagged on the 2 v LAN i know from hp port must be tagged. how can i config port 1 to be tagged on vlan1 and vlan200? and port 2 to be untagged in vlan1 and untagged in vlan200?
View 12 Replies
View Related
Dec 19, 2012
I am attempting to upgrade from a Cisco3945 to a ASR1002. On my Cisco3945, I have interface associated with VLANs. It appears that with the new IOSX, VLAN configuration has changed. Any config to setup a simple VLAN?
View 5 Replies
View Related
Feb 9, 2011
I'm not sure if I'm missing something basic here however i though that I'd ask the question. I recieved a request from a client who is trying to seperate traffic out of a IBM P780 - one set of VIO servers/clients (Prod) is tagged with vlan x going out LAG 1 and another set of VIO server/clients (Test) is tagged with vlan y and z going out LAG 2. The problem is that the management subnet for these devices is on one subnet.
The infrastructure is the host device is trunked via LACP etherchannel to Nexus 2148TP(5010) which than connects to the distribution layer being a Catalyst 6504 VSS. I have tried many things today, however I feel that the correct solution to get this working is to use an Isolated trunk (as the host device does not have private vlan functionality) even though there is no requirement for hosts to be segregated. I have configured:
1. Private vlan mapping on the SVI;
2. Primary vlan and association, and isolated vlan on Distribution (6504 VSS) and Access Layer (5010/2148)
3. All Vlans are trunked between switches
4. Private vlan isolated trunk and host mappings on the port-channel interface to the host (P780).
I haven't had any luck. What I am seeing is as soon as I configure the Primary vlan on the Nexus 5010 (v5.2) (vlan y | private-vlan primary), this vlan (y) does not forward on any trunk on the Nexus 5010 switch, even without any other private vlan configuration. I believe this may be the cause to most of the issues I am having. Has any one else experienced this behaviour. Also, I haven't had a lot of experience with Private Vlans so I might be missing some fundamentals with this configuration.
View 3 Replies
View Related
Mar 7, 2012
I am looking into the possibility of using private vlan's for some dmz implementations however I do have what may be some very rudimentary questions. It seems straightforward how to configure the primary/secondary vlan configuration as well as associating them. However in my case I would be looking to configure the PVLAN on a 6500-vss platform acting as the router while all of the hosts which I would desire to have in the isolated vlan would be spread out across a number of older Cisco switches which only support "protected port" setup or Procurve switches all of which I do not have budget to replace with something newer. So in my scenario I would have a 6500 connected by trunk to multiple switches which only support a protected port setup such as a Procurve (top of rack) or a Cisco 2950. As the Procurve or 2950 would not support Private VLAN setup, do I then just configure the secondary vlan to be allowed across the trunk from the 6500, configure that vlan on the Procurve or 2950 (as vtp will not foward the info for the secondary vlan) and assign that vlan to the host port as well as setting it as a protected port and this will communicate just fine across the trunk to the router as well as stopping the protected port in top of rack switch 1 from being able to communicate to a protected port in top of rack 2,3,etc? If the above scenario is what needs to be done, do I just use a regular trunk or do I have to use a PVLAN trunk?
View 2 Replies
View Related
Apr 21, 2013
my environment:
IE-3000-8TC industry-switch
ios: ies-ipservicesk9-mz.150-2.SE2
if i do
vlan 12
name NextVLAN
state active
in putty, everything is ok. but if i set this lines in a config-file and use them by config net or copy tftp: running-config, then this commands are completely ignored.how to setup VLAN so that this are funktional. i dont need a "interface vlan xx"! in addition manually configured vlan are shown in show vlan command but there are no entries inside a sh running-config output even i user show running-config all.
View 8 Replies
View Related
Jan 11, 2012
we've had an issue with our network, we have 2 6509 connected with redundancy, which are connected with 2 x 4900 Switches, from which are connected to a ESX Chassis for visualization, the thing is that the ESX stopped working, and the 4900 switches, and the main core were suffering from overload, they hang on it very well, in order to stop the overload, one of the links to the ESX Chassis were disconnected from one of the 4900 switches. The CPU usage from the 4900 and the core(6509) went down below 40%, and then they started to migrate the virtual servers from the chassis to another 2 chassis that were added right after. They were actually working well, but suddenly the 6509 changed to the other supervisor after everything was OK. We were wondering what could have been the cause of this, maybe the virtual servers migrations, maybe the overload from the ESX ? We also had a few question, is there any need to reload the cores every few months as a planned task ? Because the cores have been up for more than 1 year. And also is there any kind of of tool to monitor the CPU status, or the status overall from the cores or the switches ?
View 3 Replies
View Related
Apr 17, 2012
If i connected the latop to brand new out of the box ASA 5505 through consloe cable and i have a config file on this laptop from other ASA5505, is there anyway i can upload that config file into startup-config of this new ASA5505 through console cable, without using TFTP or FTP?
View 5 Replies
View Related
Mar 19, 2013
I have peculiar challenge ahead of me and would like to get new perspectives.
The objective is to route specific VLAN traffic and the caveat is that I have multiple VLANs with the same network address.
For example:
VLAN100 10.10.10.0/28 VLAN101 10.10.11.0/28 VLAN102 10.10.12.0/28
VLAN103 10.10.12.0/28
VLAN104 10.10.11.0/28
I need traffic going from VLAN100 with a destination of 10.10.11.0 forwarded to VLAN101 and NOT VLAN104.
This task is currently being completed by a multi context firewall and we're trying to decommission the asset.
View 5 Replies
View Related
Jan 23, 2012
Planning to implement HSRP in layer 3 switch.
We have two numbers of Cisco 4900 ME Switches. Basically want LAN failover from these devices. There are about 400 users in our network. I have attached rough network topology for your reference(I am not good at Microsoft Visio). Need to know implementation of the HSRP in these switches. Two distribution switches(Cisco 4900 ME Switches) are connected to 4 Access switches and these are connected to the LAN.
View 2 Replies
View Related
Aug 28, 2012
VLAN MAC address filter does not seem to be working on my 4900 switch. However the same config works fine when tested on my 3750 & 3560 switches.
Since user from different VLANs requires to be blocked, Unicast MAC address filter will not be feasible solution. VACL did not work on my 4506 switch too. K
Below is the config done on 4900 switch
mac access-list extended ABCpermit host 0003.0de9.d5ea anyexit
!
vlan access-map drop-mac 10
[Code]......
View 2 Replies
View Related
Sep 16, 2012
i have configured SPAN on cisco 4900 series switches its a Loacal SPAN . as there is only commnads to complete this activity but hard luck its not working.
View 5 Replies
View Related
Jul 30, 2012
When I insert the TwinGig Converter in a Catalyst 4900M you get the following error message: Failed to read transceiver serial eeprom on port Te2/1, try reinserting.This error is probably because the device expects 10Gig transceivers to be connected to the device not 1Gig.I used the TwinGig 4 module and 8 SFP ports are connected. But when i type in the the "hw-module module <slot> port-group <group> select gigabitethernet" the command is not available. [code]
View 1 Replies
View Related
Jun 17, 2012
I am having problems configuring a 4900. I have entered the following commands:
hw-module module 2 port-group 1 select gigabitethernet
hw-module module 2 port-group 2 select gigabitethernet
hw-module module 2 port-group 3 select gigabitethernet
hw-module module 2 port-group 4 select gigabitethernet
However no matter what I try, it never sees the GLC-SX gbics I have in the TwinGig converter.
PERSW001#sh interfaces status mod 2
Port Name Status Vlan Duplex Speed Type
Te2/1 inactive 1 full 10G No X2
Te2/2 inactive 1 full 10G No X2
Te2/3 inactive 1 full 10G No X2
[code]....
View 8 Replies
View Related
Dec 28, 2011
This is my first time trying to configure a WAP for out network. I have an AP1141 connecting to an SG300-28 switch. The subnet for my WAPs is 10.10. 40.0/ 24. The rest of my internal network is 10.10.10.0/24. There are four other WAPs on the 10.10.40.0/24 network that I did not configure. When I assign an IP address - 10.10.40.7 to my WAP with the gateway as 10.10.40.100 (router), I cannot ping anything. If I assign the WAP an IP address - 10.10.10.192 with the gateway 10.10.10.100 (router), I can ping everything.
View 6 Replies
View Related
Sep 5, 2012
Is this supported on a 3750X ?? A router has two VRFs and its lan interface is a trunk with 2 VLAN IDs, let say VLAN 10 and VLAN 20. The ip address subnet of these two vlans is the same (therefore , they are in different VRFs)
fa0/1
VLAN 10 = 10.15.4.9 (VRF A)
VLAN 20 = 10.15.4.10 (VRF B)
This router is connected on a 3750X switch. There is a firewall connected to this switch also, which is default gateway for several VLANs including VLAN 10 (10.15.4.1)
The goal is that VRF B ip can talk to 10.15.4.1 and VRF A can talk to 10.15.4.1 but VRF B can't talk to VRF A (10.15.4.9 <-> 10.15.4.10)
FW |--- TRUNK VLANs 1,2,3,4,10 ---------| SWITCH |----- TRUNK VLAN 10,20 -----| ROUTER (vlan 10 = VRF A, vlan 20 = VRF B)
I think this is not supported on the C3750, as my promiscuous port is located on a trunk.
View 1 Replies
View Related
Jan 10, 2012
Between our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?
View 3 Replies
View Related
Jan 10, 2013
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
View 4 Replies
View Related
Mar 31, 2013
i need to solves this little problem on 2960S lan BASE but i dont know if it is possible.
Uplink port config for gi 1/0/28 is:
switchport mode trunk
switchport trunk alloved vlan 10,11
but on interface gi 1/0/1 i want to have data from vlan 10 tagged as VLAN 20.
At this time i have solved this issue very primitively
I have set up gi 1/0/2 as int mode acces, acces vlan 20 and i have connected gi 1/0/2 with gi 1/0/3 with eth cable. int gi 1/0/3 is switchpor mode acces, switchport acces vlan 10
View 4 Replies
View Related
