3 Posts
0
565
N1148T-ON private vlan and management VLAN 1
Hello.
I have a central switch model Dell S4048-ON with a few vlans created. One of them is the VLAN 111 used in a port-channel. Here is the configuration:
...............
interface Port-channel 11 ..... interface Vlan 111 |
Connected to that port-channel is the student's classroom switch model Dell N1148T-ON (firmware 6.7.1.8).
I created private vlan to avoid communication between students. Here is part of the config with 2 isolated ports and the LACP 1 and port 45 as private-vlan promiscuous:
| ! configure vlan 1111-1112 exit vlan 1111 private-vlan primary private-vlan association 1112 exit vlan 1112 private-vlan isolated exit interface vlan 1 ip address 10.11.0.253 255.255.0.0 exit ip default-gateway 10.11.0.254 ! interface Gi1/0/1 switchport mode private-vlan host switchport private-vlan host-association 1111 1112 exit ! interface Gi1/0/2 switchport mode private-vlan host switchport private-vlan host-association 1111 1112 exit ! interface Te1/0/25 channel-group 1 mode active exit ! interface Te1/0/26 channel-group 1 mode active exit ! interface Te1/0/27 channel-group 1 mode active exit ! interface Te1/0/28 channel-group 1 mode active exit ! interface Gi1/0/47 switchport mode private-vlan promiscuous switchport private-vlan host-association 1111 1112 switchport private-vlan mapping 1111 1112 exit ! interface port-channel 1 switchport mode private-vlan promiscuous switchport private-vlan mapping 1111 1112 exit |
Everything is working properly. In the classroom switch, isolated ports (1 and 2) can connect to the internet and other servers in the network (through port-channel 1), and also to port 47 in the same switch. From por 47 I can ping ports 1 and 2 and connect to any other server in the network. And finally ports 1 and 2 can't connect to each other as expected.
The problem I have is I can't connect to the switch IP management address 10.11.0.253, from promiscuous ports (port-channel 1 and 47) or from isolated ports (not important for me).
I can connect only to the management IP address using any port belonging to VLAN 1. And I would need to connect from central switch and port 47.
I don't know how to solve this. Any idea?
Thanks in advance.
DELL-Charles R
Moderator
Moderator
•
3.7K Posts
0
June 22nd, 2022 13:00
Hello Cecasacle,
Is this a new configuration or something that was working and now is not working?
We don't typically assist directly in initial configurations as there are some Dell Professional services that can handle this task on your behalf but I will see what I can do.
Please take a look at this resource and let me know if it helps.
Dell EMC Networking N-Series User’s Configuration Guide Version 6.7.0
Private VLANs Page 799-805
Configuring Private vlan page 855.
https://dell.to/3zXkUsn
Cecasacle
3 Posts
0
August 1st, 2022 07:00
Finally I found another and easy solution.
To use the "Protected Port Configuration" so I can activate/deactive the ports I need to block transfers between them.
Thank you.
Cecasacle
3 Posts
0
June 23rd, 2022 09:00
Hi Charles.
I followed the manual for the switch, with exactly the same instructions as the reference manual you sent me.
I tried to put the tengigabit ethernet port channel as trunk and in the other side in the central switch the portmode hybrid, but I still can't connect to the IP address 10.11.0.253 of the classroom switch from any other port except the ones connected in vlan 1 in the same switch.
Thank you anyway.