Example: PVLAN deployment with L2-L3 boundary at the leaf layer The following use case illustrates a deployment scenario in which the end devices that belong to different tenants are separated using secondary VLANs. Here, the private VLAN domain is spanned across two data centers using an ISL trunk port. In this example:
The configured trunk port carries the traffic for both the primary and secondary VLANs.
The leaf nodes provide L3 connectivity to the external network and between end devices in secondary VLANs. The gateway for all the hosts in the PVLAN domains is the anycast ip address on the primary VLANs.
Configuration notes IP addresses are configured on the primary VLANs of the leaf nodes.
Anycast IP address is also configured on the primary VLANs.
The anycast IP address remains the same for PVLAN domains that are extended across the data centers.
Configure IP Local Proxy ARP feature on the primary VLANs of the leaf nodes to enable connectivity between end devices that belong to different secondary VLANs (community or isolated or both) of a PVLAN domain.
The uplink ports from the leaf nodes to the spine switch are non-PVLAN L3 networks.
AG1 Leaf Switch Configure the VLTi member links between AG1 and AG2.
AG1(config)# interface ethernet1/1/11
AG1(conf-if-eth1/1/11)# no shutdown
AG1(conf-if-eth1/1/11)# no switchport
AG1(conf-if-eth1/1/11)# exit
AG1(config)# interface ethernet1/1/12
AG1(conf-if-eth1/1/12)# no shutdown
AG1(conf-if-eth1/1/12)# no switchport
AG1(conf-if-eth1/1/12)# exit
Configure the VLT domain.
AG1(config)# vlt-domain 255
AG1(conf-vlt-255)# backup destination 100.104.80.12
AG1(conf-vlt-255)# discovery-interface ethernet1/1/11-1/1/12
AG1(conf-vlt-255)# peer-routing
AG1(conf-vlt-255)# primary-priority 1
AG1(conf-vlt-255)# vlt-mac 00:00:00:00:01:01
AG1(conf-vlt-255)# exit
Configure the VLT port channels.
AG1(config)# interface ethernet1/1/15
AG1(conf-if-eth1/1/15)# no shutdown
AG1(conf-if-eth1/1/15)# no switchport
AG1(conf-if-eth1/1/15)# channel-group 1 mode active
AG1(conf-if-eth1/1/15)# exit
AG1(config)# interface port-channel 1
AG1(conf-if-po-1)# vlt-port-channel 1
AG1(conf-if-po-1)# exit
AG1(config)# interface ethernet1/1/16
AG1(conf-if-eth1/1/16)# no shutdown
AG1(conf-if-eth1/1/16)# no switchport
AG1(conf-if-eth1/1/16)# channel-group 2 mode active
AG1(conf-if-eth1/1/16)# exit
AG1(config)# interface port-channel 2
AG1(conf-if-po-2)# vlt-port-channel 2
AG1(conf-if-po-2)# exit
AG1(config)# interface ethernet1/1/17
AG1(conf-if-eth1/1/17)# no shutdown
AG1(conf-if-eth1/1/17)# no switchport
AG1(conf-if-eth1/1/17)# channel-group 3 mode active
AG1(conf-if-eth1/1/17)# exit
AG1(config)# interface port-channel 3
AG1(conf-if-po-3)# vlt-port-channel 3
AG1(conf-if-po-3)# exit
AG1(config)# interface ethernet1/1/18
AG1(conf-if-eth1/1/18)# no shutdown
AG1(conf-if-eth1/1/18)# no switchport
AG1(conf-if-eth1/1/18)# channel-group 4 mode active
AG1(conf-if-eth1/1/18)# exit
AG1(config)# interface port-channel 4
AG1(conf-if-po-4)# vlt-port-channel 4
AG1(conf-if-po-4)# exit
AG1(config)# interface ethernet1/1/21
AG1(conf-if-eth1/1/21)# no shutdown
AG1(conf-if-eth1/1/21)# no switchport
AG1(conf-if-eth1/1/21)# channel-group 128 mode active
AG1(conf-if-eth1/1/21)# exit
AG1(config)# interface ethernet1/1/22
AG1(conf-if-eth1/1/22)# no shutdown
AG1(conf-if-eth1/1/22)# no switchport
AG1(conf-if-eth1/1/22)# channel-group 128 mode active
AG1(conf-if-eth1/1/22)# exit
AG1(config)# interface port-channel 128
AG1(conf-if-po-3)# vlt-port-channel 1024
AG1(conf-if-po-3)# exit
AG1(config)# interface ethernet1/1/10
AG1(conf-if-eth1/1/10)# no shutdown
AG1(conf-if-eth1/1/10)# no switchport
AG1(conf-if-eth1/1/10)# channel-group 101 mode active
AG1(conf-if-eth1/1/10)# exit
AG1(config)# interface port-channel 101
AG1(conf-if-po-3)# vlt-port-channel 1022
AG1(conf-if-po-3)# exit
Configure the primary VLANs and the PVLAN mode.
AG1(config)# interface vlan 100
AG1(conf-if-vl-100)# private-vlan mode primary
AG1(conf-if-vl-100)# exit
AG1(config)# interface vlan 200
AG1(conf-if-vl-200)# private-vlan mode primary
AG1(conf-if-vl-200)# exit
Configure the secondary VLANs and the respective PVLAN modes.
AG1(config)# interface vlan 11
AG1(conf-if-vl-11)# private-vlan mode community
AG1(conf-if-vl-11)# exit
AG1(config)# interface vlan 12
AG1(conf-if-vl-12)# private-vlan mode community
AG1(conf-if-vl-12)# exit
AG1(config)# interface vlan 13
AG1(conf-if-vl-13)# private-vlan mode isolated
AG1(conf-if-vl-13)# exit
AG1(config)# interface vlan 21
AG1(conf-if-vl-21)# private-vlan mode community
AG1(conf-if-vl-21)# exit
AG1(config)# interface vlan 22
AG1(conf-if-vl-22)# private-vlan mode isolated
AG1(conf-if-vl-22)# exit
Associate the secondary VLANs to the primary VLAN.
AG1(config)# interface vlan 100
AG1(conf-if-vl-100)# private-vlan mapping secondary-vlans 11-13
AG1(conf-if-vl-100)# exit
AG1(config)# interface vlan 200
AG1(conf-if-vl-200)# private-vlan mapping secondary-vlans 21-22
AG1(conf-if-vl-200)# exit
Configure the port mode on the community and isolated ports.
AG1(config)# interface port-channel1
AG1(conf-if-po-1)# no shutdown
AG1(conf-if-po-1)# private-vlan mode secondary-port
AG1(conf-if-po-1)# exit
AG1(config)# interface port-channel2
AG1(conf-if-po-2)# no shutdown
AG1(conf-if-po-2)# private-vlan mode secondary-port
AG1(conf-if-po-2)# exit
AG1(config)# interface port-channel3
AG1(conf-if-po-3)# no shutdown
AG1(conf-if-po-3)# private-vlan mode secondary-port
AG1(conf-if-po-3)# exit
AG1(config)# interface port-channel4
AG1(conf-if-po-4)# no shutdown
AG1(conf-if-po-4)# private-vlan mode secondary-port
AG1(conf-if-po-4)# exit
AG1(config)# interface ethernet1/1/1
AG1(conf-if-eth1/1/1)# no shutdown
AG1(conf-if-eth1/1/1)# private-vlan mode secondary-port
AG1(conf-if-eth1/1/1)# exit
AG1(config)# interface ethernet1/1/2
AG1(conf-if-eth1/1/2)# no shutdown
AG1(conf-if-eth1/1/2)# private-vlan mode secondary-port
AG1(conf-if-eth1/1/2)# exit
Associate the member ports to the secondary VLANs.
AG1(config)# interface port-channel1
AG1(conf-if-po-1)# switchport mode trunk
AG1(conf-if-po-1)# switchport trunk allowed vlan 12
AG1(conf-if-po-1)# exit
AG1(config)# interface port-channel2
AG1(conf-if-po-2)# switchport mode trunk
AG1(conf-if-po-2)# switchport trunk allowed vlan 13
AG1(conf-if-po-2)# exit
AG1(config)# interface port-channel3
AG1(conf-if-po-3)# switchport mode trunk
AG1(conf-if-po-3)# switchport trunk allowed vlan 21
AG1(conf-if-po-3)# exit
AG1(config)# interface port-channel4
AG1(conf-if-po-4)# switchport mode trunk
AG1(conf-if-po-4)# switchport trunk allowed vlan 22
AG1(conf-if-po-4)# exit
AG1(config)# interface ethernet1/1/1
AG1(conf-if-eth1/1/1)# switchport mode trunk
AG1(conf-if-eth1/1/1)# switchport trunk allowed vlan 12
AG1(conf-if-eth1/1/1)# exit
AG1(config)# interface ethernet1/1/2
AG1(conf-if-eth1/1/2)# switchport mode trunk
AG1(conf-if-eth1/1/2)# switchport trunk allowed vlan 13
AG1(conf-if-eth1/1/2)# exit
Associate the ISL to the primary and the secondary VLANs as a normal trunk port.
AG1(config)# interface port-channel128
AG1(conf-if-po-128)# switchport mode trunk
AG1(conf-if-po-128)# switchport trunk allowed vlan 11-13,21-22,100,200
AG1(conf-if-po-128)# exit
Configure anycast MAC address.
AG1(config)# ip virtual-router mac-address 00:00:00:44:44:44 Configure IP address and anycast IP address on the primary VLANs.
AG1(config)# interface vlan 100
AG1(conf-if-vl-100)# ip address 172.1.1.1/16
AG1(conf-if-vl-100)# ip virtual-router address 172.1.0.254
AG1(conf-if-vl-100)# exit
AG1(config)# interface vlan 200
AG1(conf-if-vl-200)# ip address 172.2.1.1/16
AG1(conf-if-vl-200)# ip virtual-router address 172.2.0.254
AG1(conf-if-vl-200)# exit
(Optional) If connectivity between end devices that belong to secondary vlans (community or isolated or both) of the same PVLAN domain is required, configure IP Local Proxy ARP on the primary VLANs.
AG1(config)# interface vlan 100
AG1(conf-if-vl-100)# ip local-proxy-arp
AG1(conf-if-vl-100)# exit
AG2 Leaf Switch Configure the VLTi member links between AG1 and AG2.
AG2(config)# interface ethernet1/1/11
AG2(conf-if-eth1/1/11)# no shutdown
AG2(conf-if-eth1/1/11)# no switchport
AG2(conf-if-eth1/1/11)# exit
AG2(config)# interface ethernet1/1/12
AG2(conf-if-eth1/1/12)# no shutdown
AG2(conf-if-eth1/1/12)# no switchport
AG2(conf-if-eth1/1/12)# exit
Configure the VLT domain.
AG2(config)# vlt-domain 255
AG2(conf-vlt-255)# backup destination 100.104.80.14
AG2(conf-vlt-255)# discovery-interface ethernet1/1/11-1/1/12
AG2(conf-vlt-255)# peer-routing
AG2(conf-vlt-255)# primary-priority 65535
AG2(conf-vlt-255)# vlt-mac 00:00:00:00:01:01
AG2(conf-vlt-255)# exit
Configure the VLT port channels.
AG2(config)# interface ethernet1/1/15
AG2(conf-if-eth1/1/15)# no shutdown
AG2(conf-if-eth1/1/15)# no switchport
AG2(conf-if-eth1/1/15)# channel-group 1 mode active
AG2(conf-if-eth1/1/15)# exit
AG2(config)# interface port-channel 1
AG2(conf-if-po-1)# vlt-port-channel 1
AG2(conf-if-po-1)# exit
AG2(config)# interface ethernet1/1/16
AG2(conf-if-eth1/1/16)# no shutdown
AG2(conf-if-eth1/1/16)# no switchport
AG2(conf-if-eth1/1/16)# channel-group 2 mode active
AG2(conf-if-eth1/1/16)# exit
AG2(config)# interface port-channel 2
AG2(conf-if-po-2)# vlt-port-channel 2
AG2(conf-if-po-2)# exit
AG2(config)# interface ethernet1/1/17
AG2(conf-if-eth1/1/17)# no shutdown
AG2(conf-if-eth1/1/17)# no switchport
AG2(conf-if-eth1/1/17)# channel-group 3 mode active
AG2(conf-if-eth1/1/17)# exit
AG2(config)# interface port-channel 3
AG2(conf-if-po-3)# vlt-port-channel 3
AG2(conf-if-po-3)# exit
AG2(config)# interface ethernet1/1/18
AG2(conf-if-eth1/1/18)# no shutdown
AG2(conf-if-eth1/1/18)# no switchport
AG2(conf-if-eth1/1/18)# channel-group 4 mode active
AG2(conf-if-eth1/1/18)# exit
AG2(config)# interface port-channel 4
AG2(conf-if-po-4)# vlt-port-channel 4
AG2(conf-if-po-4)# exit
AG2(config)# interface ethernet1/1/21
AG2(conf-if-eth1/1/21)# no shutdown
AG2(conf-if-eth1/1/21)# no switchport
AG2(conf-if-eth1/1/21)# channel-group 128 mode active
AG2(conf-if-eth1/1/21)# exit
AG2(config)# interface ethernet1/1/22
AG2(conf-if-eth1/1/22)# no shutdown
AG2(conf-if-eth1/1/22)# no switchport
AG2(conf-if-eth1/1/22)# channel-group 128 mode active
AG2(conf-if-eth1/1/22)# exit
AG2(config)# interface port-channel 128
AG2(conf-if-po-3)# vlt-port-channel 1024
AG2(conf-if-po-3)# exit
AG2(config)# interface ethernet1/1/10
AG2(conf-if-eth1/1/10)# no shutdown
AG2(conf-if-eth1/1/10)# no switchport
AG2(conf-if-eth1/1/10)# channel-group 101 mode active
AG2(conf-if-eth1/1/10)# exit
AG2(config)# interface port-channel 101
AG2(conf-if-po-3)# vlt-port-channel 1022
AG2(conf-if-po-3)# exit
Configure the primary VLANs and the PVLAN mode.
AG2(config)# interface vlan 100
AG2(conf-if-vl-100)# private-vlan mode primary
AG2(conf-if-vl-100)# exit
AG2(config)# interface vlan 200
AG2(conf-if-vl-200)# private-vlan mode primary
AG2(conf-if-vl-200)# exit
Configure the secondary VLANs and the respective PVLAN modes.
AG2(config)# interface vlan 11
AG2(conf-if-vl-11)# private-vlan mode community
AG2(conf-if-vl-11)# exit
AG2(config)# interface vlan 12
AG2(conf-if-vl-12)# private-vlan mode community
AG2(conf-if-vl-12)# exit
AG2(config)# interface vlan 13
AG2(conf-if-vl-13)# private-vlan mode isolated
AG2(conf-if-vl-13)# exit
AG2(config)# interface vlan 21
AG2(conf-if-vl-21)# private-vlan mode community
AG2(conf-if-vl-21)# exit
AG2(config)# interface vlan 22
AG2(conf-if-vl-22)# private-vlan mode isolated
AG2(conf-if-vl-22)# exit
Associate the secondary VLANs to the primary VLAN.
AG2(config)# interface vlan 100
AG2(conf-if-vl-100)# private-vlan mapping secondary-vlans 11-13
AG2(conf-if-vl-100)# exit
AG2(config)# interface vlan 200
AG2(conf-if-vl-200)# private-vlan mapping secondary-vlans 21-22
AG2(conf-if-vl-200)# exit
Configure the port mode on the community and isolated ports.
AG2(config)# interface port-channel1
AG2(conf-if-po-1)# no shutdown
AG2(conf-if-po-1)# private-vlan mode secondary-port
AG2(conf-if-po-1)# exit
AG2(config)# interface port-channel2
AG2(conf-if-po-2)# no shutdown
AG2(conf-if-po-2)# private-vlan mode secondary-port
AG2(conf-if-po-2)# exit
AG2(config)# interface port-channel3
AG2(conf-if-po-3)# no shutdown
AG2(conf-if-po-3)# private-vlan mode secondary-port
AG2(conf-if-po-3)# exit
AG2(config)# interface port-channel4
AG2(conf-if-po-4)# no shutdown
AG2(conf-if-po-4)# private-vlan mode secondary-port
AG2(conf-if-po-4)# exit
AG2(config)# interface ethernet1/1/1
AG2(conf-if-eth1/1/1)# no shutdown
AG2(conf-if-eth1/1/1)# private-vlan mode secondary-port
AG2(conf-if-eth1/1/1)# exit
AG2(config)# interface ethernet1/1/2
AG2(conf-if-eth1/1/2)# no shutdown
AG2(conf-if-eth1/1/2)# private-vlan mode secondary-port
AG2(conf-if-eth1/1/2)# exit
Associate the member ports to the secondary VLANs.
AG2(config)# interface port-channel1
AG2(conf-if-po-1)# switchport mode trunk
AG2(conf-if-po-1)# switchport trunk allowed vlan 12
AG2(conf-if-po-1)# exit
AG2(config)# interface port-channel2
AG2(conf-if-po-2)# switchport mode trunk
AG2(conf-if-po-2)# switchport trunk allowed vlan 13
AG2(conf-if-po-2)# exit
AG2(config)# interface port-channel3
AG2(conf-if-po-3)# switchport mode trunk
AG2(conf-if-po-3)# switchport trunk allowed vlan 21
AG2(conf-if-po-3)# exit
AG2(config)# interface port-channel4
AG2(conf-if-po-4)# switchport mode trunk
AG2(conf-if-po-4)# switchport trunk allowed vlan 22
AG2(conf-if-po-4)# exit
AG2(config)# interface ethernet1/1/1
AG2(conf-if-eth1/1/1)# switchport mode trunk
AG2(conf-if-eth1/1/1)# switchport trunk allowed vlan 12
AG2(conf-if-eth1/1/1)# exit
AG2(config)# interface ethernet1/1/2
AG2(conf-if-eth1/1/2)# switchport mode trunk
AG2(conf-if-eth1/1/2)# switchport trunk allowed vlan 13
AG2(conf-if-eth1/1/2)# exit
Associate the ISL to the primary and the secondary VLANs as a normal trunk port.
AG2(config)# interface port-channel128
AG2(conf-if-po-128)# switchport mode trunk
AG2(conf-if-po-128)# switchport trunk allowed vlan 11-13,21-22,100,200
AG2(conf-if-po-128)# exit
Configure anycast MAC address.
AG2(config)# ip virtual-router mac-address 00:00:00:44:44:44
Configure IP address and anycast IP address on the primary VLANs.
AG2(config)# interface vlan 100
AG2(conf-if-vl-100)# ip address 172.1.1.2/16
AG2(conf-if-vl-100)# ip virtual-router address 172.1.0.254
AG2(conf-if-vl-100)# exit
AG2(config)# interface vlan 200
AG2(conf-if-vl-200)# ip address 172.2.1.2/16
AG2(conf-if-vl-200)# ip virtual-router address 172.2.0.254
AG2(conf-if-vl-200)# exit
AG3 Leaf Switch Configure the VLTi member links between AG1 and AG2.
AG3(config)# interface ethernet1/1/11
AG3(conf-if-eth1/1/11)# no shutdown
AG3(conf-if-eth1/1/11)# no switchport
AG3(conf-if-eth1/1/11)# exit
AG3(config)# interface ethernet1/1/12
AG3(conf-if-eth1/1/12)# no shutdown
AG3(conf-if-eth1/1/12)# no switchport
AG3(conf-if-eth1/1/12)# exit
Configure the VLT domain.
AG3(config)# vlt-domain 255
AG3(conf-vlt-255)# backup destination 100.104.80.15
AG3(conf-vlt-255)# discovery-interface ethernet1/1/11-1/1/12
AG3(conf-vlt-255)# peer-routing
AG3(conf-vlt-255)# primary-priority 1
AG3(conf-vlt-255)# vlt-mac 00:00:00:00:00:02
AG3(conf-vlt-255)# exit
Configure the VLT port channels.
AG3(config)# interface ethernet1/1/15
AG3(conf-if-eth1/1/15)# no shutdown
AG3(conf-if-eth1/1/15)# no switchport
AG3(conf-if-eth1/1/15)# channel-group 1 mode active
AG3(conf-if-eth1/1/15)# exit
AG3(config)# interface port-channel 1
AG3(conf-if-po-1)# vlt-port-channel 1
AG3(conf-if-po-1)# exit
AG3(config)# interface ethernet1/1/16
AG3(conf-if-eth1/1/16)# no shutdown
AG3(conf-if-eth1/1/16)# no switchport
AG3(conf-if-eth1/1/16)# channel-group 2 mode active
AG3(conf-if-eth1/1/16)# exit
AG3(config)# interface port-channel 2
AG3(conf-if-po-2)# vlt-port-channel 2
AG3(conf-if-po-2)# exit
AG3(config)# interface ethernet1/1/22
AG3(conf-if-eth1/1/22)# no shutdown
AG3(conf-if-eth1/1/22)# no switchport
AG3(conf-if-eth1/1/22)# channel-group 128 mode active
AG3(conf-if-eth1/1/22)# exit
AG3(config)# interface ethernet1/1/23
AG3(conf-if-eth1/1/23)# no shutdown
AG3(conf-if-eth1/1/23)# no switchport
AG3(conf-if-eth1/1/23)# channel-group 128 mode active
AG3(conf-if-eth1/1/23)# exit
AG3(config)# interface port-channel 128
AG3(conf-if-po-128)# vlt-port-channel 1024
AG3(conf-if-po-128)# exit
Configure the primary VLANs and the PVLAN mode.
AG3(config)# interface vlan 100
AG3(conf-if-vl-100)# private-vlan mode primary
AG3(conf-if-vl-100)# exit
AG3(config)# interface vlan 200
AG3(conf-if-vl-200)# private-vlan mode primary
AG3(conf-if-vl-200)# exit
Configure the secondary VLANs and the respective PVLAN modes.
AG3(config)# interface vlan 11
AG3(conf-if-vl-11)# private-vlan mode community
AG3(conf-if-vl-11)# exit
AG3(config)# interface vlan 12
AG3(conf-if-vl-12)# private-vlan mode community
AG3(conf-if-vl-12)# exit
AG3(config)# interface vlan 13
AG3(conf-if-vl-13)# private-vlan mode isolated
AG3(conf-if-vl-13)# exit
AG3(config)# interface vlan 21
AG3(conf-if-vl-21)# private-vlan mode community
AG3(conf-if-vl-21)# exit
AG3(config)# interface vlan 22
AG3(conf-if-vl-22)# private-vlan mode isolated
AG3(conf-if-vl-22)# exit
Associate the secondary VLANs to the primary VLAN.
AG3(config)# interface vlan 100
AG3(conf-if-vl-100)# private-vlan mapping secondary-vlans 11-13
AG3(conf-if-vl-100)# exit
AG3(config)# interface vlan 200
AG3(conf-if-vl-200)# private-vlan mapping secondary-vlans 21
AG3(conf-if-vl-200)# exit
Configure the port mode on the community and isolated ports.
AG3(config)# interface port-channel1
AG3(conf-if-po-1)# no shutdown
AG3(conf-if-po-1)# private-vlan mode secondary-port
AG3(conf-if-po-1)# exit
AG3(config)# interface port-channel2
AG3(conf-if-po-2)# no shutdown
AG3(conf-if-po-2)# private-vlan mode secondary-port
AG3(conf-if-po-2)# exit
AG3(config)# interface ethernet1/1/1
AG3(conf-if-eth1/1/1)# no shutdown
AG3(conf-if-eth1/1/1)# private-vlan mode secondary-port
AG3(conf-if-eth1/1/1)# exit
Associate the member ports to the secondary VLANs.
AG3(config)# interface port-channel1
AG3(conf-if-po-1)# switchport mode trunk
AG3(conf-if-po-1)# switchport trunk allowed vlan 11
AG3(conf-if-po-1)# exit
AG3(config)# interface port-channel2
AG3(conf-if-po-2)# switchport mode trunk
AG3(conf-if-po-2)# switchport trunk allowed vlan 13
AG3(conf-if-po-2)# exit
AG3(config)# interface ethernet1/1/1
AG3(conf-if-eth1/1/1)# switchport mode trunk
AG3(conf-if-eth1/1/1)# switchport trunk allowed vlan 21-22
AG3(conf-if-eth1/1/1)# exit
Associate the ISL to the primary and the secondary VLANs as a normal trunk port.
AG3(config)# interface port-channel128
AG3(conf-if-po-128)# switchport mode trunk
AG3(conf-if-po-128)# switchport trunk allowed vlan 11-13,21-22,100,200
AG3(conf-if-po-128)# exit
Configure anycast MAC address.
AG3(config)# ip virtual-router mac-address 00:00:00:44:44:44
Configure IP address and anycast IP address on the primary VLANs.
AG3(config)# interface vlan 100
AG3(conf-if-vl-100)# ip address 172.1.1.3/16
AG3(conf-if-vl-100)# ip virtual-router address 172.1.0.254
AG3(conf-if-vl-100)# exit
AG3(config)# interface vlan 200
AG3(conf-if-vl-200)# ip address 172.2.1.3/16
AG3(conf-if-vl-200)# ip virtual-router address 172.2.0.254
AG3(conf-if-vl-200)# exit
AG4 Leaf Switch Configure the VLTi member links between AG1 and AG2.
AG4(config)# interface ethernet1/1/11
AG4(conf-if-eth1/1/11)# no shutdown
AG4(conf-if-eth1/1/11)# no switchport
AG4(conf-if-eth1/1/11)# exit
AG4(config)# interface ethernet1/1/12
AG4(conf-if-eth1/1/12)# no shutdown
AG4(conf-if-eth1/1/12)# no switchport
AG4(conf-if-eth1/1/12)# exit
Configure the VLT domain.
AG4(config)# vlt-domain 255
AG4(conf-vlt-255)# backup destination 100.104.80.16
AG4(conf-vlt-255)# discovery-interface ethernet1/1/11-1/1/12
AG4(conf-vlt-255)# peer-routing
AG4(conf-vlt-255)# primary-priority 65535
AG4(conf-vlt-255)# vlt-mac 00:00:00:00:00:02
AG4(conf-vlt-255)# exit
Configure the VLT port channels.
AG4(config)# interface ethernet1/1/15
AG4(conf-if-eth1/1/15)# no shutdown
AG4(conf-if-eth1/1/15)# no switchport
AG4(conf-if-eth1/1/15)# channel-group 1 mode active
AG4(conf-if-eth1/1/15)# exit
AG4(config)# interface port-channel1
AG4(conf-if-po-1)# vlt-port-channel 1
AG4(conf-if-po-1)# exit
AG4(config)# interface ethernet1/1/16
AG4(conf-if-eth1/1/16)# no shutdown
AG4(conf-if-eth1/1/16)# no switchport
AG4(conf-if-eth1/1/16)# channel-group 2 mode active
AG4(conf-if-eth1/1/16)# exit
AG4(config)# interface port-channel2
AG4(conf-if-po-2)# vlt-port-channel 2
AG4(conf-if-po-2)# exit
AG4(config)# interface ethernet1/1/21
AG4(conf-if-eth1/1/21)# no shutdown
AG4(conf-if-eth1/1/21)# no switchport
AG4(conf-if-eth1/1/21)# channel-group 128 mode active
AG4(conf-if-eth1/1/21)# exit
AG4(config)# interface ethernet1/1/24
AG4(conf-if-eth1/1/24)# no shutdown
AG4(conf-if-eth1/1/24)# no switchport
AG4(conf-if-eth1/1/24)# channel-group 128 mode active
AG4(conf-if-eth1/1/24)# exit
AG4(config)# interface port-channel128
AG4(conf-if-po-128)# vlt-port-channel 1024
AG4(conf-if-po-128)# exit
Configure the primary VLANs and the PVLAN mode.
AG4(config)# interface vlan 100
AG4(conf-if-vl-100)# private-vlan mode primary
AG4(conf-if-vl-100)# exit
AG4(config)# interface vlan 200
AG4(conf-if-vl-200)# private-vlan mode primary
AG4(conf-if-vl-200)# exit
Configure the secondary VLANs and the respective PVLAN modes.
AG4(config)# interface vlan 11
AG4(conf-if-vl-11)# private-vlan mode community
AG4(conf-if-vl-11)# exit
AG4(config)# interface vlan 12
AG4(conf-if-vl-12)# private-vlan mode community
AG4(conf-if-vl-12)# exit
AG4(config)# interface vlan 13
AG4(conf-if-vl-13)# private-vlan mode isolated
AG4(conf-if-vl-13)# exit
AG4(config)# interface vlan 21
AG4(conf-if-vl-21)# private-vlan mode community
AG4(conf-if-vl-21)# exit
AG4(config)# interface vlan 22
AG4(conf-if-vl-22)# private-vlan mode isolated
AG4(conf-if-vl-22)# exit
Associate the secondary VLANs to the primary VLAN.
AG4(config)# interface vlan 100
AG4(conf-if-vl-100)# private-vlan mapping secondary-vlans 11-13
AG4(conf-if-vl-100)# exit
AG4(config)# interface vlan 200
AG4(conf-if-vl-200)# private-vlan mapping secondary-vlans 21-22
AG4(conf-if-vl-200)# exit
Configure the port mode on the community and isolated ports.
AG4(config)# interface port-channel1
AG4(conf-if-po-1)# no shutdown
AG4(conf-if-po-1)# private-vlan mode secondary-port
AG4(conf-if-po-1)# exit
AG4(config)# interface port-channel2
AG4(conf-if-po-2)# no shutdown
AG4(conf-if-po-2)# private-vlan mode secondary-port
AG4(conf-if-po-2)# exit
AG4(config)# interface ethernet1/1/1
AG4(conf-if-eth1/1/1)# no shutdown
AG4(conf-if-eth1/1/1)# private-vlan mode secondary-port
AG4(conf-if-eth1/1/1)# exit
AG4(config)# interface ethernet1/1/2
AG4(conf-if-eth1/1/2)# no shutdown
AG4(conf-if-eth1/1/2)# private-vlan mode secondary-port
AG4(conf-if-eth1/1/2)# exit
Associate the member ports to the secondary VLANs.
AG4(config)# interface port-channel1
AG4(conf-if-po-1)# switchport mode trunk
AG4(conf-if-po-1)# switchport trunk allowed vlan 11
AG4(conf-if-po-1)# exit
AG4(config)# interface port-channel2
AG4(conf-if-po-2)# switchport mode trunk
AG4(conf-if-po-2)# switchport trunk allowed vlan 13
AG4(conf-if-po-2)# exit
AG4(config)# interface ethernet1/1/1
AG4(conf-if-eth1/1/1)# switchport mode trunk
AG4(conf-if-eth1/1/1)# switchport trunk allowed vlan 12
AG4(conf-if-eth1/1/1)# exit
AG4(config)# interface ethernet1/1/2
AG4(conf-if-eth1/1/2)# switchport mode trunk
AG4(conf-if-eth1/1/2)# switchport trunk allowed vlan 22
AG4(conf-if-eth1/1/2)# exit
Associate the ISL to the primary and the secondary VLANs as a normal trunk port.
AG4(config)# interface port-channel128
AG4(conf-if-po-128)# switchport mode trunk
AG4(conf-if-po-128)# switchport trunk allowed vlan 11-13,21-22,100,200
AG4(conf-if-po-128)# exit
Configure anycast MAC address.
AG4(config)# ip virtual-router mac-address 00:00:00:44:44:44
Configure IP address and anycast IP address on the primary VLANs.
AG4(config)# interface vlan 100
AG4(conf-if-vl-100)# ip address 172.1.1.4/16
AG4(conf-if-vl-100)# ip virtual-router address 172.1.0.254
AG4(conf-if-vl-100)# exit
AG4(config)# interface vlan 200
AG4(conf-if-vl-200)# ip address 172.2.1.4/16
AG4(conf-if-vl-200)# ip virtual-router address 172.2.0.254
AG4(conf-if-vl-200)# exit
Spine Switch Create the primary VLANs extended from AG1 and AG2.
SPINE(config)# interface vlan 100
SPINE(conf-if-vl-100)# ip address 172.1.1.1/16
SPINE(conf-if-vl-100)# exit
SPINE(config)# interface vlan 200
SPINE(conf-if-vl-200)# ip address 172.2.1.1/16
SPINE(conf-if-vl-200)# exit
Associate the VLT port channels to the primary VLANs extended from AG1 and AG2.
SPINE(config)# interface ethernet1/1/10
SPINE(conf-if-eth1/1/10)# no shutdown
SPINE(conf-if-eth1/1/10)# no switchport
SPINE(conf-if-eth1/1/10)# channel-group 101 mode active
SPINE(conf-if-eth1/1/10)# exit
SPINE(config)# interface ethernet1/1/11
SPINE(conf-if-eth1/1/11)# no shutdown
SPINE(conf-if-eth1/1/11)# no switchport
SPINE(conf-if-eth1/1/11)# channel-group 101 mode active
SPINE(conf-if-eth1/1/11)# exit
(Optional) To enable connectivity between end devices that belong to different secondary VLANs (community or isolated or both) of a PVLAN domain, enable
ip local-proxy arp on the VLAN in the spine switch.
SPINE(config)# interface vlan100
SPINE(conf-if-vl-100)# ip address 172.1.1.1/16
SPINE(conf-if-vl-100)# ip local-proxy-arp
SPINE(config)# interface vlan200
SPINE(conf-if-vl-200)# ip address 172.2.1.1/16
SPINE(conf-if-vl-200)# ip local-proxy-arp