Private VLANs
October 3, 2008 at 11:54 am | In Switching
The scenario is from the IE blog.
Configuration:
SW1#
!
vlan 1000
 private-vlan primary
 private-vlan association 1012,1034,1055
 ! Association of private VLAN members (Secondary) to the Primary VLAN
 ! needs to be defined here, and AGAIN under the Interface switch port
!
vlan 1012
 private-vlan community
!
vlan 1034
 private-vlan community
!
vlan 1055
 private-vlan isolated
!
!
!
interface FastEthernet0/1
 ! switchport access vlan 1000 ! NOT required
 ! Primary followed by member(s)
 switchport private-vlan host-association 1000 1012
 switchport mode private-vlan host
!
interface FastEthernet0/3
 ! switchport access vlan 1000
 switchport private-vlan host-association 1000 1034
 switchport mode private-vlan host
!
interface FastEthernet0/5
 switchport access vlan 1000
 switchport private-vlan host-association 1000 1055
 switchport mode private-vlan host
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW2#
!
vlan 1000
 private-vlan primary
 private-vlan association 1012,1034,1055
!
vlan 1012
 private-vlan community
!
vlan 1034
 private-vlan community
!
vlan 1055
 private-vlan isolated
!
!
interface FastEthernet0/2
 switchport private-vlan host-association 1000 1012
 switchport mode private-vlan host
!
interface FastEthernet0/4
 switchport private-vlan host-association 1000 1034
 switchport mode private-vlan host
!
interface FastEthernet0/6
 switchport private-vlan mapping 1000 1012,1034,1055
 switchport mode private-vlan promiscuous
!
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
Verification
Before applying the Private VLAN configuration, make sure that we have reachability across all end points of the VLAN.
Once the Private VLAN configuration is applied:
SW1#sh vlan id 1000

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1000 VLAN1000                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1000 enet  101000     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1012      community         Fa0/1
1000    1034      community         Fa0/3
1000    1055      isolated          Fa0/5

SW1#sh vlan id 1012

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1012 VLAN1012                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1012 enet  101012     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1012      community         Fa0/1

SW1#sh vlan id 1034

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1034 VLAN1034                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1034 enet  101034     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1034      community         Fa0/3

SW2#sh vlan id 1000

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1000 VLAN1000                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1000 enet  101000     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1012      community         Fa0/2, Fa0/6
1000    1034      community         Fa0/4, Fa0/6
1000    1055      isolated          Fa0/6

R1#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.2, 4 ms
Reply to request 0 from 10.0.0.6, 4 ms

R2#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.1, 1 ms
Reply to request 0 from 10.0.0.6, 1 ms

R3#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.6, 4 ms
Reply to request 0 from 10.0.0.4, 4 ms

R4#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.6, 4 ms
Reply to request 0 from 10.0.0.3, 4 ms

R5#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.6, 4 ms

R6#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.2, 1 ms
Reply to request 0 from 10.0.0.5, 4 ms
Reply to request 0 from 10.0.0.3, 4 ms
Reply to request 0 from 10.0.0.4, 4 ms
Reply to request 0 from 10.0.0.1, 1 ms
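
The ping results above can be cross-checked against the reachability the configuration should allow. The Python sketch below is an added example, not part of the original post: it derives the expected replies per port from the PVLAN lines and reports any port whose observed replies differ. It assumes router Rn (10.0.0.n) is attached to Fa0/n, which the output implies but the post does not state; the function names are illustrative.

```python
import re
# Constructed input: PVLAN lines of SW1 and SW2 from this page, merged (ports do not collide).
CONFIG = """
vlan 1012
 private-vlan community
vlan 1034
 private-vlan community
vlan 1055
 private-vlan isolated
interface FastEthernet0/1
 switchport private-vlan host-association 1000 1012
interface FastEthernet0/2
 switchport private-vlan host-association 1000 1012
interface FastEthernet0/3
 switchport private-vlan host-association 1000 1034
interface FastEthernet0/4
 switchport private-vlan host-association 1000 1034
interface FastEthernet0/5
 switchport private-vlan host-association 1000 1055
interface FastEthernet0/6
 switchport private-vlan mapping 1000 1012,1034,1055
"""
# Broadcast-ping replies shown on this page; assumes Rn (10.0.0.n) sits on Fa0/n.
OBSERVED = {1: {2, 6}, 2: {1, 6}, 3: {4, 6}, 4: {3, 6}, 5: {6}, 6: {1, 2, 3, 4, 5}}

def parse(config):
    """Return ({secondary VLAN: type}, {port number: secondary VLAN or 'promiscuous'})."""
    vlan_type, role, cur = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"(?:vlan |interface FastEthernet0/)(\d+)", line):
            cur = int(m[1])  # current vlan or interface stanza
        elif m := re.fullmatch(r"private-vlan (community|isolated)", line):
            vlan_type[cur] = m[1]
        elif m := re.fullmatch(r"switchport private-vlan (host-association|mapping) \d+ (\S+)", line):
            role[cur] = int(m[2]) if m[1] == "host-association" else "promiscuous"
    return vlan_type, role

def expected_replies(config):
    """For each port, the set of ports the PVLAN rules let it exchange frames with."""
    vlan_type, role = parse(config)
    def ok(a, b):  # promiscuous reaches all; hosts only reach peers in the same community VLAN
        return "promiscuous" in (role[a], role[b]) or (
            role[a] == role[b] and vlan_type[role[a]] == "community")
    return {a: {b for b in role if b != a and ok(a, b)} for a in role}

def audit(config, observed):
    """Return {port: (expected, observed)} for every port whose replies differ."""
    exp = expected_replies(config)
    return {p: (exp[p], observed.get(p, set())) for p in exp if exp[p] != observed.get(p, set())}
```

An empty result from `audit(CONFIG, OBSERVED)` means the isolation seen on the wire matches the configuration; any entry points to a port whose association or mode should be rechecked.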
