I’m trying to use PVLAN to isolate devices (servers) on a L2 network from each other. However, these devices are currently sit on trunk ports, because they have VLAN-aware IPMI interfaces.
My config currently is:
untagged traffic on native vlan (100)
IPMI configured to vlan 10 (IPMI on the server is vlan-aware so sends tagged packets)
I’m struggling to figure out how to create an Isolated PVLAN (i.e. where no hosts can communicate with each other) for untagged traffic, whilst still allowing tagged traffic, on Juniper EX. The hope here is that with a single NIC I can have:
untagged traffic on an isolated port
tagged traffic (IPMI) on either isolated/promiscuous/community port – doesn’t matter which, so long as it works.
From what I’ve read I need to make the native VLAN isolated, but Juniper only seems to be able to configure access ports this way, which means I’d lose IPMI.
Can anyone advise if there’s a way to achieve this?
