How do I use the promiscuous port mode?
What is promiscuous port mode?
I think promiscuous port mode is a port that can communicate with all VMs in the private VLAN.
I have a test environment.
It has been configured with a private VLAN.
It has a primary VLAN with ID 20, IP address 192.168.20.1.
It has 3 secondary VLANs, which are respectively:
a community VLAN with ID 201, IP address 192.168.201.1
an isolated VLAN with ID 202, IP address 192.168.202.1
There is a DHCP server in VLAN 2, which isn't a private VLAN.
All VLANs have been configured with an IP helper-address on the physical switch.
How does the isolated VLAN get an IP address from the DHCP server?
Result (issue):
In addition to VMs on the isolated VLAN, the VMs on the other VLANs can get an IP address.
Ping from VLAN 201 to VLAN 20 fails.
Ping from VLAN 201 to 192.168.20.1 passes.
Ping from VLAN 20 to VLAN 201 fails.
Ping from VLAN 20 to 192.168.201.1 passes.
This is my physical switch configuration:
Building configuration...
Current configuration : 2903 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
vlan 2-5
!
vlan 20
private-vlan association 201-203
!
vlan 201-203
!
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/3
no ip address
no mdix auto
!
interface GigabitEthernet1/0/4
no ip address
no mdix auto
!
interface GigabitEthernet1/0/5
no ip address
no mdix auto
!
interface GigabitEthernet1/0/6
no ip address
no mdix auto
!
interface GigabitEthernet1/0/7
no ip address
no mdix auto
!
interface GigabitEthernet1/0/8
no ip address
no mdix auto
!
interface GigabitEthernet1/0/9
no ip address
no mdix auto
!
interface GigabitEthernet1/0/10
no ip address
no mdix auto
!
interface GigabitEthernet1/0/11
no ip address
no mdix auto
!
interface GigabitEthernet1/0/12
no ip address
no mdix auto
!
interface GigabitEthernet1/0/13
no ip address
no mdix auto
!
interface GigabitEthernet1/0/14
no ip address
no mdix auto
!
interface GigabitEthernet1/0/15
no ip address
no mdix auto
!
interface GigabitEthernet1/0/16
no ip address
no mdix auto
!
interface GigabitEthernet1/0/17
no ip address
no mdix auto
!
interface GigabitEthernet1/0/18
no ip address
no mdix auto
!
interface GigabitEthernet1/0/19
no ip address
no mdix auto
!
interface GigabitEthernet1/0/20
no ip address
no mdix auto
!
interface GigabitEthernet1/0/21
no ip address
no mdix auto
!
interface GigabitEthernet1/0/22
no ip address
no mdix auto
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.2.10
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
ip helper-address 192.168.2.10
!
interface Vlan5
ip address 192.168.5.1 255.255.255.0
ip helper-address 192.168.2.10
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
ip helper-address 192.168.2.10
!
interface Vlan201
ip address 192.168.201.1 255.255.255.0
ip helper-address 192.168.2.10
!
interface Vlan202
ip address 192.168.202.1 255.255.255.0
ip helper-address 192.168.2.10
!
interface Vlan203
ip address 192.168.203.1 255.255.255.0
ip helper-address 192.168.2.10
!
ip classless
ip http server
!
!
line con 0
line vty 5 15
!
end
Hi, here is a good article explaining:
Promiscuous mode is good for troubleshooting any network issues, as it allows the port to see any traffic, even if not originally destined to that port.
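An added example, not part of the original thread: a small Python audit that lists which private-VLAN declarations (VLAN type, SVI mapping, promiscuous port) are absent from an IOS configuration like the one posted in the question. `SAMPLE` is a constructed excerpt of that configuration, and the function names `expand` and `audit_pvlan` are assumptions of this example.

```python
import re
# Constructed excerpt: the private-VLAN lines of the configuration posted above.
SAMPLE = """\
vlan 20
 private-vlan association 201-203
!
vlan 201-203
!
interface Vlan20
!
"""

def expand(spec):  # IOS VLAN list '201-203,20' -> {20, 201, 202, 203}
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit_pvlan(config):
    """Return the private-VLAN declarations that are absent from an IOS config."""
    blocks, head = {}, None
    for line in map(str.strip, config.splitlines()):
        if line in ("", "!"):
            head = None                      # '!' ends the current block
        elif re.fullmatch(r"vlan [\d,-]+|interface \S+", line):
            head = line
            blocks[head] = []
        elif head:
            blocks[head].append(line)
    types, assoc, out = {}, {}, []
    for head, cmds in blocks.items():
        vids = expand(head.split()[1]) if head.startswith("vlan ") else ()
        for vid, cmd in ((v, c) for v in vids for c in cmds):
            if m := re.fullmatch(r"private-vlan (primary|isolated|community)", cmd):
                types[vid] = m.group(1)
            elif m := re.fullmatch(r"private-vlan association ([\d,-]+)", cmd):
                assoc[vid] = expand(m.group(1))
    for pri, secs in sorted(assoc.items()):
        if types.get(pri) != "primary":
            out.append(f"vlan {pri}: no 'private-vlan primary'")
        out += [f"vlan {s}: no isolated/community type" for s in sorted(secs)
                if types.get(s) not in ("isolated", "community")]
        svi = blocks.get(f"interface Vlan{pri}")
        if svi is not None and not any(c.startswith("private-vlan mapping") for c in svi):
            out.append(f"interface Vlan{pri}: no 'private-vlan mapping'")
    if assoc and "switchport mode private-vlan promiscuous" not in config:
        out.append("no port in 'switchport mode private-vlan promiscuous'")
    return out
```

An empty list means every declaration the audit looks for was found; it does not by itself explain the DHCP or ping results described in the question.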