
Isolated PVLAN on 2920 and 3800

 
JoshQ
Occasional Visitor

Isolated PVLAN on 2920 and 3800

I have followed several articles and videos, but can't seem to wrap my head around this. I have a business department whose clients I need separated from each other and from all other VLANs on our network. I have created a primary VLAN 7 and a secondary isolated VLAN 70 on both my 2920 and 3800 switches. The issue is that although I can communicate with a client connected to VLAN 70, so can everything else on our network, including file access to that client from a different VLAN. What am I missing here?

Internet (firewall and web filter inline) -> Core Switch (3800) Port 52 ->  Port 1/A1 MS Main (2920) - > Port 27 Client

Core - 

; Core switch (3800). Port 52 is the link toward the 2920 ("MS Main") per the
; topology line in the post. It is trusted for DHCPv4/DHCPv6 snooping and
; IPv6 ND snooping, so server replies arriving on it are accepted.
interface 52
dhcp-snooping trust
dhcpv6-snooping trust
name "MiddleSchool"
ipv6 nd snooping trust
exit
; SNMP community with "unrestricted" MIB access, which on this platform permits
; SNMP writes ("restricted" is read-only).
; NOTE(review): the community string is disclosed by this listing; rotate it,
; and prefer a restricted community or SNMPv3 if write access is not required.
snmp-server community "bradford" unrestricted
; Traps of all levels are sent to 172.16.101.2 using the same community.
snmp-server host 172.16.101.2 community "bradford" trap-level all
snmp-server enable traps mac-notify
snmp-server enable traps mac-count-notify
; Out-of-band management port takes its address from DHCP/BOOTP.
oobm
ip address dhcp-bootp
exit
; RIP is enabled and redistributes connected networks.
; NOTE(review): every VLAN below that has an "ip address" is a connected
; interface on this switch; whether "ip routing" is enabled is not shown in
; this excerpt - confirm.
router rip
redistribute connected
enable
exit
; VLAN 1: switch address 172.16.101.26/16, DHCP relayed to 10.4.0.2 and
; 10.4.0.3 (both inside the 10.4.0.0/16 subnet of VLAN 4 below).
vlan 1
name "DEFAULT_VLAN"
no untagged 7-9,18-21,25-31,Trk2-Trk3
untagged 2-6,22-24,32-52
tagged 1
ip address 172.16.101.26 255.255.0.0
ip helper-address 10.4.0.2
ip helper-address 10.4.0.3
exit
vlan 3
name "Wireless"
untagged 25-31
tagged 48-52
ip address 10.3.0.1 255.255.0.0
ip helper-address 10.4.0.2
ip helper-address 10.4.0.3
exit
vlan 4
name "Servers"
untagged 18-21,Trk2-Trk3
tagged 48
ip address 10.4.0.1 255.255.0.0
exit
; VLAN 5 has an address but no port membership in this stanza.
vlan 5
name "Debug"
ip address 10.5.0.1 255.255.0.0
exit
vlan 6
name "Security"
untagged 7-9
tagged 48-52
ip address 10.6.0.1 255.255.255.0
exit
; Primary private VLAN 7 with isolated secondary VLAN 70, carried tagged on
; port 52 only.
; NOTE(review): this VLAN has a layer-3 address (10.7.0.1/24). Private-VLAN
; isolation restricts layer-2 forwarding between ports inside the primary
; VLAN; it does not by itself filter traffic routed in from other VLANs. If IP
; routing is enabled on this switch (not shown here - confirm), hosts in the
; other VLANs can reach VLAN 70 clients through this interface, and an ACL
; applied to the VLAN would be needed to restrict that.
; No "ip helper-address" is configured for this VLAN.
vlan 7
name "BusinessDept"
private-vlan primary
private-vlan isolated 70
tagged 52
ip address 10.7.0.1 255.255.255.0
exit
; VLANs 10, 20 and 30 share the same tagged port set (25-31,48-52); 10 and 20
; relay DHCP to 10.10.0.2, 30 relays to 10.30.0.2.
vlan 10
name "Registration"
tagged 25-31,48-52
ip address 10.10.0.1 255.255.0.0
ip helper-address 10.10.0.2
exit
vlan 20
name "Remediation"
tagged 25-31,48-52
ip address 10.20.0.1 255.255.0.0
ip helper-address 10.10.0.2
exit
vlan 30
name "DeadEnd"
tagged 25-31,48-52
ip address 10.30.0.1 255.255.0.0
ip helper-address 10.30.0.2
exit
; Secondary (isolated) VLAN 70: no ports are listed in this stanza and it has
; no IP address on the core.
vlan 70
name "VLAN70"
no ip address
exit

 

MS Main

; Access switch "MS Main" (2920). Port 1/27 is the client port (untagged in
; VLAN 70 below); promiscuous private-VLAN mode is turned off on it.
; NOTE(review): the private-VLAN port setting appears only on the client port.
; The uplink 1/A1 (and port 52 on the core) show no private-vlan port setting
; in the posted config - confirm against the platform's PVLAN guide which
; ports need "no private-vlan promiscuous" on an inter-switch link.
interface 1/27
no private-vlan promiscuous
exit
; Uplink toward the core: trusted for DHCPv4/DHCPv6 snooping and IPv6 ND
; snooping.
interface 1/A1
dhcp-snooping trust
dhcpv6-snooping trust
ipv6 nd snooping trust
exit
; SNMP community with "unrestricted" MIB access, which on this platform permits
; SNMP writes ("restricted" is read-only).
; NOTE(review): the community string is disclosed by this listing; rotate it,
; and prefer a restricted community or SNMPv3 if write access is not required.
snmp-server community "bradford" unrestricted
snmp-server host 172.16.101.2 community "bradford" trap-level all
; Link-change traps are disabled for ports 1/1-1/3 and 1/47-1/48.
no snmp-server enable traps link-change 1/1-1/3,1/47-1/48
snmp-server enable traps mac-notify
; Out-of-band management: DHCP/BOOTP addressing globally and for members 1
; and 2.
oobm
ip address dhcp-bootp
member 1
ip address dhcp-bootp
exit
member 2
ip address dhcp-bootp
exit
exit
; VLAN 1 carries the switch address 172.16.110.6/16; it is the only VLAN with
; an IP address on this switch, and the uplinks 1/A1-1/A2 are untagged in it.
vlan 1
name "DEFAULT_VLAN"
no untagged 1/1-1/9,1/11-1/15,1/24,1/27,1/32,1/34,2/1
untagged 1/10,1/16-1/23,1/25-1/26,1/28-1/31,1/33,1/35-1/48,1/A1-1/A2,2/2-2/24
ip address 172.16.110.6 255.255.0.0
exit
vlan 2
name "VL-LegacyData"
tagged 1/47-1/48,1/A1-1/A2
no ip address
exit
vlan 3
name "Wireless"
untagged 1/1,1/3-1/9,1/11-1/15,2/1
tagged 1/25,1/48,1/A1-1/A2
no ip address
exit
vlan 6
name "Security"
untagged 1/2,1/24,1/32,1/34
tagged 1/25,1/A1-1/A2
no ip address
exit
; Primary private VLAN 7 with isolated secondary VLAN 70; tagged on uplink
; 1/A1 only and layer-2 only here (no IP address), so the gateway for this
; subnet is the core's VLAN 7 interface.
vlan 7
name "BusinessDept"
private-vlan primary
private-vlan isolated 70
tagged 1/A1
no ip address
exit
vlan 10
name "Registration"
tagged 1/1-1/9,1/11-1/15,1/25,1/48,1/A1-1/A2
no ip address
exit
vlan 20
name "Remediation"
tagged 1/1-1/9,1/11-1/15,1/25,1/48,1/A1-1/A2
no ip address
exit
vlan 30
name "DeadEnd"
tagged 1/1-1/9,1/11-1/15,1/25,1/48,1/A1-1/A2
no ip address
exit
; Isolated secondary VLAN 70: client port 1/27 is its only member in this
; stanza.
vlan 70
name "VLAN70"
untagged 1/27
no ip address
exit