Ethernet Switching

private vlan spanning multiple switches

‎11-24-2014 07:33 AM

Hello all,

Following situation: we need to implement PVLAN in our data centers (in one data center we have an EX8208 and in the other we have a Cisco Nexus 7000).

While running commit check I get the following error:

error: Trunk port ae1.0 cannot be made member of community vlan <Priv-Com-216>
error: configuration check-out failed

The interface ae1 is the uplink to the second data center (inter-switch link) and is carrying all VLAN members (at this moment standard VLANs only).

When I remove "vlan members all" from the interface configuration of ae1, then the check succeeds.

The question is: if I leave "vlan members all" removed, will this port still carry the standard VLANs towards the second data center too?

Here is my config:

admin_user@EX1-DC1# show interfaces ae1
description ISL-N7K-DC2;
aggregated-ether-options {
    link-speed 10g;
    lacp {
        active;
        periodic fast;
    }
}
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members all;
        }
    }
}

 

{master:8}[edit]
admin_user@EX1-DC1# show | compare

[edit interfaces ae14 unit 0 family ethernet-switching vlan]
-       members [ ... ];
+       members [ ... 214 ];
[edit interfaces ae64 unit 0 family ethernet-switching vlan]
-       members [ ... ];
+       members [ ... 214 216 ];
[edit vlans]
+   Priv-Com-216 {
+       vlan-id 216;
+       interface {
+           ae64.0;
+       }
+       primary-vlan Priv-Prim;
+   }
+   Priv-Prim {
+       vlan-id 214;
+       interface {
+           ae1.0 {
+               pvlan-trunk;
+           }
+           ae14.0;
+       }
+       no-local-switching;
+       isolation-id 215;
+   }
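Review bot: ae1.0 is declared pvlan-trunk under Priv-Prim here, but the ae1 unit 0 stanza shown earlier still has "members all", and the commit check error names exactly that port together with the community VLAN Priv-Com-216 this hunk creates. Replace "members all" on ae1 with an explicit list that names Priv-Prim plus the standard VLANs the inter-switch link must carry, leave 216 out of that list, and rerun commit check.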

{master:8}[edit]
admin_user@EX1-DC1# commit check
member8:
error: Trunk port ae1.0 cannot be made member of community vlan <Priv-Com-216>
error: configuration check-out failed

 

admin_user@EX1-DC1# show interfaces ae14
description Uplink-Core_Firewall;
aggregated-ether-options {
    link-speed 10g;
    lacp {
        passive;
    }
}
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members [ ... 214 ];
        }
    }
}


{master:8}[edit]
admin_user@EX1-DC1# show interfaces ae64
description ESX-Host-77-tr;
aggregated-ether-options {
    link-speed 1g;
}
unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members [ ... 214 216 ];
        }
    }
}

 

Thanks for any help

 

4 REPLIES 4

Re: private vlan spanning multiple switches

‎11-27-2014 02:44 PM

When you remove vlan members all you have to specify all the vlans the trunk should carry.

best regards,

Screenie.
Juniper Ambassador, Instructor,JNCIP

Re: private vlan spanning multiple switches

‎11-28-2014 02:24 AM

I've tested it but got the same error.

When I follow the steps described under this link, Creating a Private VLAN Spanning Multiple EX Series Switches (CLI Procedure), and configure just the first step, "The primary VLAN must be a tagged VLAN. We recommend that you configure the primary VLAN first.", and then execute "commit check", I get no errors and the check succeeds.

admin_user@EX1-DC1# show | compare
[edit vlans]
+   Priv-Cloud-Prim {
+       vlan-id 214;
+       interface {
+           ae1.0 {
+               pvlan-trunk;
+           }
+           ae14.0;
+       }
+       no-local-switching;
+       isolation-id 215;
+   }

{master:8}[edit]
admin_user@EX1-DC1# commit check
member8:
configuration check succeeds
member9:
configuration check succeeds

{master:8}[edit]
admin_user@EX1-DC1# show interfaces ae1.0
family ethernet-switching {
    port-mode trunk;
    vlan {
        members all;
    }
}

If I understand the definition of the "pvlan-trunk" statement correctly ("The PVLAN trunk port is a member of all VLANs within the PVLAN (that is, the primary VLAN, the community VLANs, and the interswitch isolated VLAN)"), I'm not sure whether normal/standard VLANs will be allowed and carried over this trunk port too?

Can someone enlighten me?

Solution
Accepted by topic author Realmatrix
‎08-26-2015 01:27 AM

Re: private vlan spanning multiple switches

[ Edited ]
‎12-01-2014 10:47 PM

Hi!

You need to remove "vlan members all" from the interface's family ethernet-switching configuration.

Then add the VLANs except the secondary VLANs (only the primary). You cannot add secondary PVLANs to the trunk, only the one primary.

For example:

unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members Priv-Prim;
        }
    }
}

Secondary PVLANs are added to the PVLAN trunk automatically. If you need to add other (non-PVLAN) VLANs to the trunk, you need to add them in the configuration. For example (VLAN 50 is not a PVLAN):

unit 0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members [ Priv-Prim 50 ];
        }
    }
}
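The rule from the accepted answer above can be checked before running commit check. The following is an added example, not part of the original thread and not Juniper tooling: a small lint that parses a Junos brace-style configuration and flags any pvlan-trunk port whose member list is "all" or names a community VLAN. The function names and the sample configuration are hypothetical, constructed from the configuration shown in the thread.

```python
import re

def parse(text):
    """Parse Junos curly-brace config into nested dicts (leaf -> value string)."""
    stack = [{}]
    for tok in re.findall(r"[^{};]+[{;]|}", text):
        tok = tok.strip()
        if tok == "}":
            stack.pop()
        elif tok.endswith("{"):
            node = {}
            stack[-1][tok[:-1].strip()] = node
            stack.append(node)
        else:
            key, _, val = tok[:-1].strip().partition(" ")
            stack[-1][key] = val.strip()
    return stack[0]

def pvlan_trunk_findings(cfg):
    """Flag pvlan-trunk ports whose member list is 'all' or names a secondary VLAN."""
    vlans = cfg.get("vlans", {})
    secondary = set()
    for name, body in vlans.items():
        if "primary-vlan" in body:  # a community VLAN points at its primary
            secondary |= {name, body.get("vlan-id", name)}
    findings = []
    for body in vlans.values():
        for ifname, opts in body.get("interface", {}).items():
            if not (isinstance(opts, dict) and "pvlan-trunk" in opts):
                continue
            ifd, _, unit = ifname.partition(".")
            fam = cfg["interfaces"][ifd]["unit " + unit]["family ethernet-switching"]
            members = fam.get("vlan", {}).get("members", "").strip("[] ").split()
            if "all" in members:
                findings.append((ifname, "members all"))
            findings += [(ifname, "secondary VLAN " + m) for m in members if m in secondary]
    return findings

# Constructed sample modelled on the thread's configuration (not a real device dump).
VLANS = """vlans {
    Priv-Com-216 { vlan-id 216; interface { ae64.0; } primary-vlan Priv-Prim; }
    Priv-Prim { vlan-id 214; isolation-id 215; interface { ae1.0 { pvlan-trunk; } ae14.0; } }
}"""
AE1 = ("interfaces { ae1 { unit 0 { family ethernet-switching "
       "{ port-mode trunk; vlan { members %s; } } } } }\n")

def check(members):
    return pvlan_trunk_findings(parse(AE1 % members + VLANS))

print(check("all"), check("[ Priv-Prim 50 ]"))
```
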

 

 


Re: private vlan spanning multiple switches

‎12-18-2014 05:29 PM

You have to remove this configuration from the trunk ports:

vlan {
        members all;
}