Switching

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  private vlan spanning multiple switches

    Posted 11-24-2014 07:34

    Hello all,

     

    The situation is as follows: we need to implement PVLAN in our data centers (in one data center we have an EX8208 and in the other we have a Cisco Nexus 7000).

    During commit check I get the following error:

    error: Trunk port ae1.0 cannot be made member of community vlan <Priv-Com-216>
    error: configuration check-out failed

    The interface ae1 is the uplink to the second data center (inter-switch link) and is carrying all VLAN members (at this moment standard VLANs only).

    When I remove "vlan members all" from the interface configuration of ae1, the check succeeds.

    The question is: if I leave "vlan members all" removed, will this port still carry the standard VLANs towards the second data center too?

     

    Here is my config:

     

    admin_user@EX1-DC1# show interfaces ae1
    description ISL-N7K-DC2;
    aggregated-ether-options {
        link-speed 10g;
        lacp {
            active;
            periodic fast;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members all;
            }
        }
    }

     

    {master:8}[edit]
    admin_user@EX1-DC1# show | compare

    [edit interfaces ae14 unit 0 family ethernet-switching vlan]
    -       members [ ... ];
    +       members [ ... 214 ];
    [edit interfaces ae64 unit 0 family ethernet-switching vlan]
    -       members [ ... ];
    +       members [ ... 214 216 ];
    [edit vlans]
    +   Priv-Com-216 {
    +       vlan-id 216;
    +       interface {
    +           ae64.0;
    +       }
    +       primary-vlan Priv-Prim;
    +   }
    +   Priv-Prim {
    +       vlan-id 214;
    +       interface {
    +           ae1.0 {
    +               pvlan-trunk;
    +           }
    +           ae14.0;
    +       }
    +       no-local-switching;
    +       isolation-id 215;
    +   }

    {master:8}[edit]
    admin_user@EX1-DC1# commit check
    member8:
    error: Trunk port ae1.0 cannot be made member of community vlan <Priv-Com-216>
    error: configuration check-out failed

     

    admin_user@EX1-DC1# show interfaces ae14
    description Uplink-Core_Firewall;
    aggregated-ether-options {
        link-speed 10g;
        lacp {
            passive;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ ... 214 ];
            }
        }
    }


    {master:8}[edit]
    admin_user@EX1-DC1# show interfaces ae64
    description ESX-Host-77-tr;
    aggregated-ether-options {
        link-speed 1g;
    }
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ ... 214 216 ];
            }
        }
    }

     

    Thanks for any help

     



  • 2.  RE: private vlan spanning multiple switches

    Posted 11-27-2014 14:44

    When you remove vlan members all you have to specify all the vlans the trunk should carry.



  • 3.  RE: private vlan spanning multiple switches

    Posted 11-28-2014 02:24

    I've tested it but got the same error.

    When I follow the steps described under this link, Creating a Private VLAN Spanning Multiple EX Series Switches (CLI Procedure), and configure just step 1, "The primary VLAN must be a tagged VLAN. We recommend that you configure the primary VLAN first.", and then execute "commit check", I get no errors and the check succeeds:

     

    admin_user@EX1-DC1# show | compare
    [edit vlans]
    +   Priv-Cloud-Prim {
    +       vlan-id 214;
    +       interface {
    +           ae1.0 {
    +               pvlan-trunk;
    +           }
    +           ae14.0;
    +       }
    +       no-local-switching;
    +       isolation-id 215;
    +   }
    
    {master:8}[edit]
    admin_user@EX1-DC1# commit check
    member8:
    configuration check succeeds
    member9:
    configuration check succeeds
    
    {master:8}[edit]
    admin_user@EX1-DC1# show interfaces ae1.0
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members all;
        }
    }
    

    If I understand the definition of the "pvlan-trunk" statement correctly ("The PVLAN trunk port is a member of all VLANs within the PVLAN (that is, the primary VLAN, the community VLANs, and the interswitch isolated VLAN)"), I'm not sure if normal/standard VLANs will be allowed and carried over this trunk port too?

     

    Can someone enlighten me?



  • 4.  RE: private vlan spanning multiple switches

    Posted 12-18-2014 17:29

    You have to remove this configuration from the trunk ports:

    vlan {
        members all;
    }


  • 5.  RE: private vlan spanning multiple switches
    Best Answer

    Posted 12-01-2014 22:48

    Hi!

    You need to remove "vlan members all" from the interface's family ethernet-switching.

    Then add the VLANs, except secondary VLANs (only the primary). You cannot add secondary PVLANs to the trunk, only the one primary.

    For example:

    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members Priv-Prim;
            }
        }
    }

     

    Secondary PVLANs are added to the PVLAN trunk automatically. If you need to add other (non-PVLAN) VLANs to the trunk, you need to add them in the configuration. For example (VLAN 50 is not a PVLAN):

    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ Priv-Prim 50 ];
            }
        }
    }
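
An offline check for the rule given in the accepted answer, as an added example that is not part of the original thread: it parses a Junos-style configuration and flags any pvlan-trunk port whose own member list contains `all` or a secondary VLAN. The function names and the sample configuration are constructed for illustration, and the parser assumes unquoted statements only.

```python
import re

def parse(text):
    """Parse Junos curly-brace config into nested dicts (no quoted strings)."""
    stack, words = [{}], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(stack[-1].setdefault(" ".join(words), {}))
            words = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            stack[-1][words[0]] = " ".join(words[1:])
            words = []
        else:
            words.append(tok)
    return stack[0]

def pvlan_trunk_findings(cfg):
    """Flag pvlan-trunk ports that list 'all' or a secondary VLAN as members."""
    vlans = cfg.get("vlans", {})
    secondary = set()  # VLANs carrying a primary-vlan statement are secondary
    for name, body in vlans.items():
        if "primary-vlan" in body:
            secondary |= {name, body.get("vlan-id")}
    findings = []
    for body in vlans.values():
        for ifl, opts in body.get("interface", {}).items():
            if not (isinstance(opts, dict) and "pvlan-trunk" in opts):
                continue
            node = cfg.get("interfaces", {})
            ifd, _, unit = ifl.partition(".")
            for key in (ifd, f"unit {unit}", "family ethernet-switching", "vlan"):
                node = node.get(key, {})
            members = set(node.get("members", "").strip("[] ").split())
            if "all" in members:
                findings.append((ifl, "members all"))
            findings += [(ifl, f"secondary VLAN {m}") for m in sorted(members & secondary)]
    return findings

# Constructed sample, modelled on the configuration posted in the thread.
BROKEN = """
interfaces { ae1 { unit 0 { family ethernet-switching {
    port-mode trunk; vlan { members all; } } } } }
vlans {
    Priv-Prim { vlan-id 214; no-local-switching; isolation-id 215;
                interface { ae1.0 { pvlan-trunk; } ae14.0; } }
    Priv-Com-216 { vlan-id 216; interface { ae64.0; } primary-vlan Priv-Prim; } }
"""
FIXED = BROKEN.replace("members all;", "members [ Priv-Prim 50 ];")
```

Running `pvlan_trunk_findings(parse(BROKEN))` reports ae1.0 with `members all`, while the `FIXED` variant, which lists only the primary VLAN and VLAN 50, returns no findings.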