Hello.
I found a brief mention in Extreme's EXOS user guide that it is possible to span a PVLAN across two switches. However, I found no example of how to achieve that.
My scenario is like this:
SWITCH 1:
- Port 1 - PC
- Port 2 - PC
- Port 3 - Server
- Port 4 - To switch 2 (to be configured)

SWITCH 2:
- Port 1 - PC
- Port 2 - PC
- Port 3 - Server
- Port 4 - To switch 1 (to be configured)

What is needed (that fits perfectly to a PVLAN):
- PCs and Servers should be in the same VLAN
- PCs cannot communicate with each other
- PCs can communicate with servers
- Servers can communicate with PCs
- Servers can communicate with other Servers
Creating a PVLAN by itself is quite easy:

    # config for Switch 1 and Switch 2
    create vlan net_vlan tag 10                               # network vlan for servers
    create vlan sub_vlan tag 100                              # subscriber (isolated) vlan for PCs
    create private-vlan pvlan                                 # pvlan creation
    configure private-vlan pvlan add network net_vlan         # adding network vlan to pvlan
    configure private-vlan pvlan add subscriber sub_vlan      # adding subscriber vlan to pvlan
    configure vlan sub_vlan add ports 1,2 untagged            # PCs untagged port

    # For a network vlan in a PVLAN there are 2 options
    # (it changes the egressing vlan tag out of the switchport):

    # with the line below port 3 will receive traffic with vlan 10 (the network vlan)
    configure vlan net_vlan add ports 3 tagged                # server tagged port

    # with the line below port 3 would receive traffic with vlan 100 (the subscriber vlan)
    # configure vlan net_vlan add ports 3 private-vlan translated   # server tagged port

With the above configuration I pretty much achieve what I want on a single switch. PCs cannot communicate with each other, only with the Servers. Servers can reach anyone.
The question is, how can I span the network/subscriber vlan between two switches keeping the isolation in the requirements?
What sort of configuration is necessary to apply to port 4 on switch 1 and switch 2 to span the PVLAN?
Thank you.