Solved

PVLAN Promiscuous port not forwarding packets to router.

Posted on 2013-06-19
Last Modified: 2016-11-23
Hello Experts,

I have a Dell Powerconnect 7024 connected downstream from a Sonicwall NSA 3500.
I'm attempting to set up a VMware host behind the Powerconnect and utilize Private VLANs to separate VMs.

Primary Private Vlan is 59
Isolate = 100
Community1 = 213
Community2 = 223

I believe I have the configuration below correct; however, none of my VMs can ping the gateway (172.16.0.1).

The Sonicwall router is plugged into interface Gi1/0/1 and my lab server is plugged into Gi1/0/12

My question is in 2 parts.

First question: any idea as to why I can't ping the firewall from my VMs? (I have them set up with a distributed switch and they are in the primary VLAN (59).)

Second question: is it possible to have multiple secondary VLANs on a single physical interface? For example, could I have the isolate VLAN and both my community VLANs utilize a single interface?


Here is my running configuration:


console#show running-config

!Current Configuration:
!System Description "PowerConnect 7024, 5.1.0.1, VxWorks 6.6"
!System Software Version 5.1.0.1
!System Operational Mode "Normal"
!
configure
vlan 59,100,213,223
exit
vlan 59
private-vlan primary
private-vlan association 100,213,223
exit
vlan 100
private-vlan isolated
exit
vlan 213
private-vlan community
exit
vlan 223
private-vlan community
exit
slot 1/0 2    ! PowerConnect 7024
--More-- or (q)uit
stack
member 1 2    ! PCT7024
exit
interface out-of-band
ip address 192.168.2.1 255.255.255.0 0.0.0.0
exit
ip default-gateway 172.16.0.1
ip route 0.0.0.0 0.0.0.0 172.16.0.1 253
interface vlan 1
ip address 172.16.0.2 255.255.255.0
exit
username "root" password ee940cf388b41e947b04a25aab769645 privilege 15 encrypted
ip ssh server
!
interface Gi1/0/1
switchport mode private-vlan promiscuous
switchport private-vlan mapping 59 100-250
exit
!
interface Gi1/0/12
switchport mode private-vlan host
switchport private-vlan host-association 59 100
exit
--More-- or (q)uit
snmp-server engineid local 800002a2035c260ad98a1e
snmp-server agent boot count 2
enable password ee940cf388b41e947b04a25aab769645 encrypted
exit

console#
Question by:kinetik20
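
Added example, not part of the original thread and not Dell or SonicWall tooling: a Python check that cross-references the private-VLAN statements in a running-config of the shape posted above (VLAN roles, the primary's association list, the promiscuous mapping and the host association). The names `expand` and `audit_pvlan` and the three finding keys are hypothetical, and the parser assumes only the statement forms that appear in the posted config.

```python
import re

# Private-VLAN lines excerpted from the running-config posted above ("exit" lines omitted).
SAMPLE = """\
vlan 59
private-vlan primary
private-vlan association 100,213,223
vlan 100
private-vlan isolated
vlan 213
private-vlan community
vlan 223
private-vlan community
interface Gi1/0/1
switchport mode private-vlan promiscuous
switchport private-vlan mapping 59 100-250
interface Gi1/0/12
switchport mode private-vlan host
switchport private-vlan host-association 59 100
"""

def expand(spec):
    """Expand a VLAN list such as '100,213-215' into a set of ints."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def audit_pvlan(config):
    """Cross-check private-VLAN roles, associations and port bindings."""
    role, assoc, mapped, hosts, ctx = {}, {}, {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"(?:vlan|interface) (.+)", line):
            ctx = m.group(1)  # current "vlan N" or "interface X" block
        elif m := re.fullmatch(r"private-vlan (primary|isolated|community)", line):
            role[int(ctx)] = m.group(1)
        elif m := re.fullmatch(r"private-vlan association (\S+)", line):
            assoc[int(ctx)] = expand(m.group(1))
        elif m := re.fullmatch(r"switchport private-vlan mapping (\d+) (\S+)", line):
            mapped[ctx] = (int(m.group(1)), expand(m.group(2)))
        elif m := re.fullmatch(r"switchport private-vlan host-association (\d+) (\d+)", line):
            hosts[ctx] = (int(m.group(1)), int(m.group(2)))
    return {
        # secondaries a promiscuous port maps but the primary never associates
        "unassociated_mapped": {p: sorted(s - assoc.get(pri, set())) for p, (pri, s) in mapped.items()},
        # host ports bound to a VLAN that is not an associated isolated/community VLAN
        "bad_host_ports": sorted(p for p, (pri, sec) in hosts.items()
            if sec not in assoc.get(pri, set()) or role.get(sec) not in ("isolated", "community")),
        # associated secondaries that no host port uses
        "unused_secondaries": sorted(set().union(*assoc.values()) - {sec for _, sec in hosts.values()}),
    }
```

Run against the excerpt, it reports that the mapping on Gi1/0/1 covers VLANs beyond the three associated with primary 59, and that community VLANs 213 and 223 have no host port yet.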
7 Comments
 

Expert Comment

by:iammorrison
ID: 39260765
I come from the Cisco world and don't deal with Dell network gear much, but here's at least some guidance...

In order for a physical interface to be a member of multiple VLANs, it must be a trunk port. A port tagged for access to a VLAN can only be associated to one VLAN. There is nothing in that config that clearly states either of those Gig interfaces are trunk ports (again, not overly familiar with Dell nomenclature), so that may be your first hurdle (also an answer to your questions). Both interfaces would need to be configured as trunk ports if you want the VMs from different VLANs to reach the gateway.

Author Comment

by:kinetik20
ID: 39260792
In my research I've come across a lot of Cisco PVLAN info that has applied to the Dell gear. The CLI is very, very similar. Would you have an idea of how you would configure my above desired config for a Cisco switch? Perhaps I can translate that into the Dell gear.

Expert Comment

by:iammorrison
ID: 39260821
In the Cisco world it would go something like:

conf t
int gig1/0/1
switchport mode trunk
switchport trunk allowed vlan <vlan number or range>

And you would perform the same thing on gig1/0/12.

Author Comment

by:kinetik20
ID: 39260976
Well, I tried trunking the ports but that did not work either.

Accepted Solution

by:
iammorrison earned 500 total points
ID: 39260997
You also need to configure the interface on the SonicWall as a trunk; I should have included that.

Author Closing Comment

by:kinetik20
ID: 39261155
Thank you. Turns out this is the case and the Sonicwall does not support trunking. Any help finding a comparable Cisco firewall that would, and would support at least 25 IPsec VPN tunnels?

Expert Comment

by:iammorrison
ID: 39261293
Glad I could help! I would look into the Cisco ASA devices, maybe the 5510, and move up from there if you require more horsepower!