Here is the new config, let me know if there is something I am missing. The private vlan trunk commands of course do not exist, but this is what I see.
R1 = SW1 f0/1 (promiscuous) R3 = SW1 f0/3 (isolated 101) R2 = SW2 f0/2 (isolated 101) R2 and R3 can ping R1, but not each other. SW1: vlan 100 private-vlan primary private-vlan association 101 ! vlan 101 private-vlan isolated ! interface FastEthernet0/1 switchport private-vlan mapping 100 101 switchport mode private-vlan promiscuous ! interface FastEthernet0/3 switchport private-vlan host-association 100 101 switchport mode private-vlan host ! interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport mode trunk SW2: vlan 100 private-vlan primary private-vlan association 101 ! vlan 101 private-vlan isolated ! interface FastEthernet0/2 switchport private-vlan host-association 100 101 switchport mode private-vlan host ! interface FastEthernet0/13 switchport trunk encapsulation dot1q switchport mode trunk Verification R2 pings R1: R2#ping 192.168.120.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.120.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms R3 pings R1: R3#ping 192.168.120.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.120.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms R3# R2 cannot ping R3: R2#ping 192.168.120.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.120.3, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R2# The interesting thing I find is that spanning-tree runs for vlan 100 and 101 runs over the trunks, but only 100 runs over the host/promiscuous ports. Let me know if there is a mistake I made somewhere. On Thu, Jan 7, 2010 at 10:29 PM, Marko Milivojevic <[email protected]>wrote: > On Fri, Jan 8, 2010 at 06:02, Bryan Bartik <[email protected]> wrote: > >> Sure, here is the relevant portion of SW1 and SW2. I was just playing with >> this a couple days ago, still fresh on my rack :) >> >> >> Topology: >> >> R1/R3----SW1----SW2----R2 >> >> R1 is on f0/1 >> R3 is on f0/3 >> R2 is on f0/2 >> Trunk is on f0/13 >> > > > Try this: > > Make R1 promiscuous and have R2 and R3 isolated. See if R2 and R3 can ping > each other ... > > -- > Marko Milivojevic - CCIE #18427 > Senior Technical Instructor - IPexpert > > Mailto: [email protected] > Telephone: +1.810.326.1444 > Fax: +1.810.454.0130 > Community: http://www.ipexpert.com/communities > -- Bryan Bartik CCIE #23707 (R&S, SP), CCNP Sr. Support Engineer - IPexpert, Inc. URL: http://www.IPexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
