pvlan ip interface

Post Reply
brnfnd
Member
Posts: 1
Joined: 07 Feb 2019 04:00

pvlan ip interface

Post by brnfnd » 07 Feb 2019 04:23

Hello everyone,

we are running an os6900 as core switch (with multiple ip interfaces) and some os6860 as edge switches.
The edges are connected via fibre linkagg ports to the core.
For security purposes (IoT devices and byod), we want to implement isolated pvlans.
The basic configuration is simple:
---
on core

Code: Select all

pvlan 17 admin-state enable
pvlan 17 secondary 117 type isolated
pvlan 17 secondary 217 type community
pvlan 17 members linkagg 1 isl
ip interface "vlan-17" address 192.168.17.1 mask 255.255.255.0 vlan 17
---
on edge

Code: Select all

pvlan 17 admin-state enable
pvlan 17 secondary 117 type isolated
pvlan 17 secondary 217 type community
pvlan 17 members linkagg 1 isl
pvlan 117 members port 1/1/13 untagged
---
I can't ping the 192.168.17.1 from a test device connected to the 1/1/13 port.
If I configure the 1/1/13 as an promiscous port, the ping succeeds, so in general, the connection works.
Reading from the docs, an isolated port can only communicate with a promiscous port.
So it seems an ip interface is not an promiscous port (by default, maybe)?
Are there special commands needed, or is it not possible without an additional routing device?

Looking at cisco, there it seems to be possible.
https://learningnetwork.cisco.com/thread/91939

---
Is there someone who can enlight me?

Thanks in Advance
brnfnd
OS6900: 8.4.1.141.R03 GA
OS6860: 8.4.1.141.R03 GA

Post Reply

Return to “OmniSwitch 6900”