Wednesday, October 3, 2018

HP Comware 5 - Community Private VLANs

I was wondering how do you implement community private VLANs on a switch (HPE FlexFabric A5800) running Comware 5?

The current configuration looks like:

HP A5800 g1/0/1 <-> g1/0/25 Cisco Catalyst 3750E <-> VMware vSphere Virtual Distributed Switch

Cisco config:

vlan 50 name Internet_Promiscuous private-vlan primary private-vlan association 51-52 ! vlan 51 name Internet_Isolated private-vlan isolated ! vlan 52 name Internet_Exchange private-vlan community ! interface GigabitEthernet1/0/25 description HP_A5800_Uplink switchport trunk encapsulation dot1q switchport mode trunk

Comware config:

vlan 50 description Internet_Promiscuous isolate-user-vlan enable # vlan 51 description Internet_Isolated # vlan 52 description Internet_Exchange # interface GigabitEthernet1/0/1 description Catalyst_3750E_Uplink port link-mode bridge port link-type trunk port trunk permit vlan all # interface GigabitEthernet1/0/2 description Internet_Promiscuous port link-mode bridge port isolate-user-vlan 50 promiscuous port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 50 to 52 untagged port hybrid pvid vlan 50 # isolate-user-vlan 50 secondary 51 to 52

Comware: display isolate-user-vlan

Isolate-user-VLAN VLAN ID : 50 Secondary VLAN ID : 51-52 VLAN ID: 50 VLAN Type: static Isolate-user-VLAN type: isolate-user-VLAN Route Interface: not configured Description: Internet_Promiscuous Name: VLAN 0050 Tagged Ports: GigabitEthernet1/0/1 Untagged Ports: GigabitEthernet1/0/2 VLAN ID: 51 VLAN Type: static Isolate-user-VLAN type: secondary Route Interface: not configured Description: Internet_Isolated Name: VLAN 0051 Tagged Ports: GigabitEthernet1/0/1 Untagged Ports: GigabitEthernet1/0/2 VLAN ID: 52 VLAN Type: static Isolate-user-VLAN type: secondary Route Interface: not configured Description: Internet_Exchange Name: VLAN 0052 Tagged Ports: GigabitEthernet1/0/1 Untagged Ports: GigabitEthernet1/0/2

The 5800s are new and everything has been confirmed as working on the Cisco and vSphere side for a long time. When I hook my laptop to g1/0/2 on the HP, I can talk to VMs in VLANs 50 and 51 but not 52, I can also talk to VMs in other (non PVLAN) VLANs/subnets. So my questions would be, why arent community PVLANs working on the Comware side? Obviously i'm missing some sort of config, but I've tried googling and I can find references to promiscuous and isolated PVLANs in Comware but nothing about community PVLANs. Does Comware 5 just not support community PVLANs?



at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)