
Thursday, June 11, 2015

PRIVATE VLAN

Private VLAN

This approach wastes both VLAN IDs and IP address space. Private VLANs

allowing multiple devices to reside in the same IP subnet,


A private VLAN is defined as one primary VLAN with a promiscuous port. Within the primary VLAN you will encounter one or more secondary VLANs.


secondary VLANs in one of two modes:

Isolated - The end points of all ports assigned to an isolated private VLAN cannot communicate with one another, nor with host ports in any other private VLANs.

Community - End points attached to community ports can communicate with one another, but not with ports in other private VLANs.



An access port assigned to a private VLAN operates in one of two modes:

Host - The port inherits its behavior from the type of private VLAN it is assigned to.

Promiscuous - The port can communicate with any other private VLAN port in the same primary VLAN.

Note:

Private VLANs are configured in VTP transparent mode only.

You can use the same IP subnet, 10.0.0.0/24, for all of them.

Community VLAN (communication within the same community VLAN and with the primary VLAN's promiscuous port)

Primary VLAN (bidirectional communication)

Isolated VLAN (communication with the primary VLAN's promiscuous port, but no communication between ports in the same isolated VLAN)





Configuration

Switch(config)#vtp mode transparent

Setting device to VTP TRANSPARENT mode.



Switch(config)#vlan 10

Switch(config-vlan)#private-vlan primary

Switch(config-vlan)#private-vlan association 20,30



Switch(config)#vlan 20

Switch(config-vlan)#private-vlan community



Switch(config)#vlan 30

Switch(config-vlan)#private-vlan isolated



Primary VLAN

Switch(config-vlan)#int fa 0/1

Switch(config-if)#switchport mode private-vlan promiscuous

Switch(config-if)#switchport private-vlan mapping 10 20,30



Community VLAN

Switch(config-vlan)#int fa 0/3

Switch(config-if)#switchport mode private-vlan host

Switch(config-if)#switchport private-vlan host 10 20



Isolated VLAN

Switch(config-vlan)#int fa 0/5

Switch(config-if)#switchport mode private-vlan host

Switch(config-if)#switchport private-vlan host 10 30



If you want to add more ports to the community VLAN, just repeat the commands for each port:

Switch(config-vlan)#int fa X/X or int range fa 0/1 - 10

Switch(config-if)#switchport mode private-vlan host

Switch(config-if)#switchport private-vlan host 10 20


If you want to add more ports to the isolated VLAN, just repeat the commands for each port:

Switch(config-vlan)#int fa 0/5

Switch(config-if)#switchport mode private-vlan host

Switch(config-if)#switchport private-vlan host 10 30


show interface fa 0/20 switchport

show vlan private-vlan

show vlan private-vlan type
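
The forwarding rules described above, applied to this post's VLANs 10, 20 and 30, as an added example that is not part of the original post. The `parse` and `can_talk` helpers are hypothetical names, and ports fa0/4 and fa0/6 are constructed additions so that two community ports and two isolated ports can be compared.

```python
import re

# Constructed sample: the post's VLANs and ports in running-config form, plus two
# assumed ports (fa0/4, fa0/6). "switchport mode" lines are left out for brevity.
CONFIG = """
vlan 10
 private-vlan primary
 private-vlan association 20,30
vlan 20
 private-vlan community
vlan 30
 private-vlan isolated
interface fa0/1
 switchport private-vlan mapping 10 20,30
interface fa0/3
 switchport private-vlan host-association 10 20
interface fa0/4
 switchport private-vlan host-association 10 20
interface fa0/5
 switchport private-vlan host-association 10 30
interface fa0/6
 switchport private-vlan host-association 10 30
"""

def parse(config):
    """Return ({vlan: type}, {port: (role, primary, {secondary VLANs})})."""
    vlan_type, ports, ctx = {}, {}, None
    port_re = r" switchport private-vlan (mapping|host(?:-association)?) (\d+) ([\d,]+)$"
    for line in config.splitlines():
        if m := re.match(r"(vlan|interface) (\S+)$", line):
            ctx = m.group(2)                      # current vlan id or interface name
        elif m := re.match(r" private-vlan (primary|community|isolated)$", line):
            vlan_type[int(ctx)] = m.group(1)
        elif m := re.match(port_re, line):        # "mapping" marks a promiscuous port
            role = "promiscuous" if m.group(1) == "mapping" else "host"
            ports[ctx] = (role, int(m.group(2)), {int(v) for v in m.group(3).split(",")})
    return vlan_type, ports

def can_talk(a, b, vlan_type, ports):
    """Apply the isolated/community/promiscuous rules to two private VLAN ports."""
    (role_a, prim_a, sec_a), (role_b, prim_b, sec_b) = ports[a], ports[b]
    if prim_a != prim_b:
        return False                              # different primary VLANs
    if role_a == role_b == "promiscuous":
        return True
    if "promiscuous" in (role_a, role_b):         # host must sit in a mapped secondary
        return bool(sec_a & sec_b)
    # Host to host: allowed only inside one shared community VLAN
    return any(vlan_type.get(v) == "community" for v in sec_a & sec_b)
```

The model covers Layer 2 forwarding on a single switch only.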