Sunday 20 July 2014

Simplest form of PRIVATE-VLAN



    Private-Vlans :-




A private VLAN (PVLAN) is a Layer-2 security feature. It lets a group of hosts share one VLAN and one IP subnet while the switch restricts which ports may exchange frames with each other, so that (for example) several servers or customer ports can all reach the same gateway but not reach one another.


Private-vlan --
|
|
|---Primary Vlan - The VLAN that carries traffic from the promiscuous port
|                  (router / server) towards the hosts. Every secondary vlan is
|                  associated with exactly one primary vlan, and one primary
|                  can have several secondaries. All secondary vlans can
|                  communicate with the primary vlan.
|
|---Secondary Vlan - The VLAN that carries traffic from the hosts towards the
                     promiscuous port. Every secondary vlan communicates only
                     with its primary vlan. No two secondary vlans will
                     communicate with each other.
                      


                         Types of secondary vlans
                                   |
                                   |
                            /             \
                        /                     \
          Community Vlan                     Isolated Vlan
   All PCs within a community vlan      All PCs within the isolated vlan
   communicate with each other          cannot communicate with each other;
   and with the promiscuous port.       they can reach only the promiscuous port.

A primary vlan can have many community vlans but only one isolated vlan. Hosts in two different community vlans cannot communicate with each other either.
       












Private VLAN configuration with every command explained :-


# vtp mode transparent        -> Private vlans cannot be created while the switch is a
                                 VTP version 1 or 2 client or server. VTP version 3 can
                                 carry them, but transparent mode is the simplest choice.

# vlan 10
# private-vlan community      -> making vlan 10 a community vlan
# exit


# vlan 20
# private-vlan isolated       -> making vlan 20 an isolated vlan
# exit

# vlan 100
# private-vlan primary        -> making vlan 100 the primary vlan
# private-vlan association 10,20  -> associating secondary vlans 10 and 20 with
                                     primary vlan 100
# exit

# interface range fastethernet 0/1 - 2
# switchport mode private-vlan host  -> making the port a private-vlan host port
                                        (a single-vlan edge port, not a trunk)
# switchport private-vlan host-association 100 10  -> putting the port into the
                                        community vlan: first the primary, then
                                        the secondary vlan
# exit

# interface range fastethernet 0/3 - 4
# switchport mode private-vlan host
# switchport private-vlan host-association 100 20  -> same, but into the
                                        isolated vlan 20
# exit

# interface fastethernet 0/5  -> interface where the router / server is connected
# switchport mode private-vlan promiscuous  -> making the port promiscuous: it
                                        may talk to every secondary vlan mapped to
                                        it (this is not a trunk port)
# switchport private-vlan mapping 100 10,20  -> which secondary vlans are allowed
                                        to reach this port (first the primary,
                                        then the secondaries)
# exit

Caveat: the isolation above is enforced only at Layer 2. A router on the promiscuous port will forward a packet from one isolated host to another if the sender addresses the frame to the router's MAC with the other host's IP as destination. To close that hole, apply an ACL on the router's interface facing the PVLAN that denies traffic sourced from the subnet and destined to the same subnet, then permits everything else.


To verify

# show vlan private-vlan

Primary   Secondary   Type        Ports
-------   ---------   ---------   ------------------------------
100       10          community   Fa0/5, Fa0/1, Fa0/2
100       20          isolated    Fa0/5, Fa0/3, Fa0/4

The promiscuous port Fa0/5 appears on both rows because it is mapped to both secondary vlans; each host port appears only on the row of its own secondary vlan. A missing port here means its host-association or mapping did not take, and "show interfaces fastethernet 0/1 switchport" shows the private-vlan host association of a single port.
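As an added example (not code from the original post), the following Python script turns the verification output above into the reachability matrix a practitioner would then confirm with pings between the hosts: which port may deliver a frame to which other port under the private-vlan rules, and how an unfiltered router on the promiscuous port undoes the isolation at Layer 3. The port names follow the configuration in this post; the set of promiscuous ports is an assumption the script is told explicitly, because the show output does not mark them.

```python
"""Expected reachability for a private-VLAN configuration.

Added example (not from the original post). It parses a constructed copy of
the `show vlan private-vlan` table above, learns which secondary VLAN every
port belongs to, and answers "may a frame from port A reach port B?" under
the PVLAN rules:

  * a promiscuous port reaches every host port in a secondary VLAN mapped to it
  * a host port always reaches the promiscuous port(s) of its primary VLAN
  * community host ports reach each other inside the same community VLAN
  * isolated host ports reach no other host port

It also models the Layer-3 caveat: a router on the promiscuous port can
forward between two isolated hosts unless it filters intra-subnet traffic.
"""

# Constructed sample: the verification output from this post.
SHOW_VLAN_PRIVATE_VLAN = """\
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     10        community         Fa0/5, Fa0/1, Fa0/2
100     20        isolated          Fa0/5, Fa0/3, Fa0/4
"""

# The show output does not mark promiscuous ports, so the operator supplies
# them (assumption: Fa0/5 was configured `switchport mode private-vlan
# promiscuous`, as in the configuration above).
PROMISCUOUS_PORTS = {"Fa0/5"}


def parse_show_pvlan(text):
    """Parse `show vlan private-vlan` into (primary, secondary, type, ports)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[0].isdigit():
            continue                      # header or separator line
        primary, secondary, vtype = int(parts[0]), int(parts[1]), parts[2]
        ports = [p.strip(",") for p in parts[3:]]
        rows.append((primary, secondary, vtype, ports))
    return rows


def build_port_table(rows, promiscuous):
    """Return (hosts, prom): hosts maps port -> (primary, secondary, type);
    prom maps a promiscuous port -> (primary, set of mapped secondaries)."""
    hosts, prom = {}, {}
    for primary, secondary, vtype, ports in rows:
        for port in ports:
            if port in promiscuous:
                prom.setdefault(port, (primary, set()))[1].add(secondary)
            else:
                hosts[port] = (primary, secondary, vtype)
    return hosts, prom


def can_reach(src, dst, hosts, prom):
    """Layer-2 rule: may the switch deliver a frame from src to dst?"""
    if src == dst:
        return False
    if src in prom and dst in prom:        # two gateways in the same primary
        return prom[src][0] == prom[dst][0]
    if src in prom or dst in prom:         # gateway <-> host, either direction
        host, gw = (dst, src) if src in prom else (src, dst)
        h_primary, h_secondary, _ = hosts[host]
        g_primary, g_secondaries = prom[gw]
        return h_primary == g_primary and h_secondary in g_secondaries
    s_primary, s_secondary, s_type = hosts[src]
    d_primary, d_secondary, d_type = hosts[dst]
    # host -> host: only inside one and the same community VLAN
    return (s_type == "community" and d_type == "community"
            and (s_primary, s_secondary) == (d_primary, d_secondary))


def reachability_matrix(text=SHOW_VLAN_PRIVATE_VLAN, promiscuous=PROMISCUOUS_PORTS):
    """All ordered port pairs -> expected Layer-2 reachability."""
    hosts, prom = build_port_table(parse_show_pvlan(text), promiscuous)
    ports = sorted(list(hosts) + list(prom))
    return {(a, b): can_reach(a, b, hosts, prom)
            for a in ports for b in ports if a != b}


def reachable_via_router(src, dst, gateway, router_filters_intra_subnet,
                         text=SHOW_VLAN_PRIVATE_VLAN, promiscuous=PROMISCUOUS_PORTS):
    """Layer-3 caveat: src sends to the router's MAC with dst's IP. The PVLAN
    lets the frame reach the gateway and lets the gateway forward to dst, so
    only an ACL on the router denying subnet -> same subnet stops it."""
    hosts, prom = build_port_table(parse_show_pvlan(text), promiscuous)
    if router_filters_intra_subnet:
        return False
    return can_reach(src, gateway, hosts, prom) and can_reach(gateway, dst, hosts, prom)


if __name__ == "__main__":
    for (a, b), ok in sorted(reachability_matrix().items()):
        print(f"{a:>6} -> {b:<6} {'allowed' if ok else 'blocked'}")
    print("Fa0/3 -> Fa0/4 through an unfiltered router:",
          reachable_via_router("Fa0/3", "Fa0/4", "Fa0/5", False))
```

Running it prints the twenty ordered pairs: Fa0/1 and Fa0/2 reach each other and Fa0/5, Fa0/3 and Fa0/4 reach only Fa0/5, and Fa0/5 reaches all four hosts. The last line shows why the router ACL matters: without it the two isolated hosts can still exchange packets through the gateway.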


   




  
