Thursday, June 11, 2015

PRIVATE VLAN

Private VLAN

This approach wastes both VLAN IDs and IP address space. Private VLANs

allowing multiple devices to reside in the same IP subnet,


A private VLAN is defined as one primary VLAN with a promiscuous port. Within the primary VLAN you will encounter one or more secondary VLANs.


secondary VLANs in one of two modes:

Isolated - The end points of all ports assigned to an isolated private VLAN cannot communicate with one another, nor with host ports in any other private VLANs.

Community - End points attached to community ports can communicate with one another, but not with ports in other private VLANs.



An access port assigned to a private VLAN operates in one of two modes:

Host - The port inherits its behavior from the type of private VLAN it is assigned to.

Promiscuous - The port can communicate with any other private VLAN port in the same primary VLAN.

Note:

Private VLANs are configured in VTP transparent mode only.

You can use the same IP subnet, 10.0.0.0/24.

Community VLAN (communication between ports in the same community VLAN and with the primary VLAN's promiscuous port)

Primary VLAN (bi-directional communication)

Isolated VLAN (communication with the primary VLAN's promiscuous port, but no communication between ports in the same isolated VLAN)





Configuration

Switch(config)#vtp mode transparent

Setting device to VTP TRANSPARENT mode.



Switch(config)#vlan 10

Switch(config-vlan)#private-vlan primary

Switch(config-vlan)#private-vlan association 20,30



Switch(config)#vlan 20

Switch(config-vlan)#private-vlan community



Switch(config)#vlan 30

Switch(config-vlan)#private-vlan isolated



Primary VLAN

Switch(config-vlan)#int fa 0/1

Switch(config-if)#switchport mode private-vlan promiscuous

Switch(config-if)#switchport private-vlan mapping 10 20,30



Community VLAN

Switch(config-vlan)#int fa 0/3

Switch(config-if)#switchport mode private-vlan host

Switch(config-if)#switchport private-vlan host 10 20



Isolated VLAN

Switch(config-vlan)#int fa 0/5

Switch(config-if)#switchport mode private-vlan host

Switch(config-if)#switchport private-vlan host 10 30



If you want to add more ports to the community VLAN, just repeat the commands on each port:

Switch(config-vlan)#int fa X/X or int range fa 0/1 - 10

Switch(config-if)#switchport mode private-vlan host

Switch(config-if)#switchport private-vlan host 10 20


If you want to add more ports to the isolated VLAN, just repeat the commands on each port:

Switch(config-vlan)#int fa 0/5

Switch(config-if)#switchport mode private-vlan host

Switch(config-if)#switchport private-vlan host 10 30


show interface fa 0/20 switchport

show vlan private-vlan

show vlan private-vlan type
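The forwarding rules above can be checked against a configuration before it is deployed. The following is an added example, not part of the original post: a small Python model that parses the commands shown on this page and answers whether two ports may exchange Layer 2 frames. The short interface names, the extra ports Fa0/4 and Fa0/6, and the function names `parse` and `can_talk` are assumptions made for the illustration.

```python
import re

# Constructed sample: the page's commands as typed, plus one extra community
# port (Fa0/4) and one extra isolated port (Fa0/6) so every rule is exercised.
CONFIG = """vlan 10
 private-vlan primary
 private-vlan association 20,30
vlan 20
 private-vlan community
vlan 30
 private-vlan isolated
interface Fa0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 10 20,30
""" + "".join(
    f"interface {p}\n switchport mode private-vlan host\n"
    f" switchport private-vlan host 10 {v}\n"
    for p, v in [("Fa0/3", 20), ("Fa0/4", 20), ("Fa0/5", 30), ("Fa0/6", 30)])

def parse(config):
    """Return ({vlan: type}, {port: (mode, primary, {secondaries})})."""
    vlan_type, ports, ctx = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            ctx = int(m[1])
        elif m := re.fullmatch(r"interface (\S+)", line):
            ctx = m[1]
        elif m := re.fullmatch(r"private-vlan (primary|community|isolated)", line):
            vlan_type[ctx] = m[1]
        elif m := re.fullmatch(r"switchport private-vlan mapping (\d+) ([\d,]+)", line):
            ports[ctx] = ("promiscuous", int(m[1]), {int(v) for v in m[2].split(",")})
        elif m := re.fullmatch(r"switchport private-vlan host\S* (\d+) (\d+)", line):
            ports[ctx] = ("host", int(m[1]), {int(m[2])})  # also matches host-association
    return vlan_type, ports

def can_talk(a, b, vlan_type, ports):
    """True if ports a and b may exchange Layer 2 frames under the PVLAN rules."""
    (mode_a, prim_a, sec_a), (mode_b, prim_b, sec_b) = ports[a], ports[b]
    if prim_a != prim_b:
        return False                      # different primary VLANs never mix
    if mode_a == mode_b == "promiscuous":
        return True
    if mode_a == "promiscuous":
        return sec_b <= sec_a             # host's secondary must be mapped on the port
    if mode_b == "promiscuous":
        return sec_a <= sec_b
    # Host to host: allowed only inside the same community VLAN.
    return sec_a == sec_b and vlan_type.get(next(iter(sec_a))) == "community"
```

The model covers Layer 2 forwarding only; traffic that a router on the promiscuous port forwards back into the subnet is outside it and needs its own filtering.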

