Private VLANs

October 3, 2008 at 11:54 am | Posted in Switching
The scenario is from the IE blog.
Private VLAN Diagram (from IE blog)

Configuration:

SW1#
!
vlan 1000
  private-vlan primary
  private-vlan association 1012,1034,1055
! Association of private VLAN members (Secondary) to the Primary VLAN
! needs to be defined here, and AGAIN under the Interface switch port
!
vlan 1012
  private-vlan community
!
vlan 1034
  private-vlan community
!
vlan 1055
  private-vlan isolated
!
!
!
interface FastEthernet0/1
! switchport access vlan 1000 ! NOT required
 switchport private-vlan host-association 1000 1012 
                              ! Primary followed by member(s)
 switchport mode private-vlan host
!
interface FastEthernet0/3
! switchport access vlan 1000
 switchport private-vlan host-association 1000 1034
 switchport mode private-vlan host
!
interface FastEthernet0/5
 switchport access vlan 1000
 switchport private-vlan host-association 1000 1055
 switchport mode private-vlan host
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW2#
!
vlan 1000
  private-vlan primary
  private-vlan association 1012,1034,1055
!
vlan 1012
  private-vlan community
!
vlan 1034
  private-vlan community
!
vlan 1055
  private-vlan isolated
!
!
interface FastEthernet0/2
 switchport private-vlan host-association 1000 1012
 switchport mode private-vlan host
!
interface FastEthernet0/4
 switchport private-vlan host-association 1000 1034
 switchport mode private-vlan host
!
interface FastEthernet0/6
 switchport private-vlan mapping 1000 1012,1034,1055
 switchport mode private-vlan promiscuous
!
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
!

Verification

Before applying the Private VLAN configuration, make sure that we have reachability across all end points of the VLAN.

Once the Private VLAN configuration is applied:

SW1#sh vlan id 1000

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1000 VLAN1000                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1000 enet  101000     1500  -      -      -        -    -        0      0   

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1012      community         Fa0/1
1000    1034      community         Fa0/3
1000    1055      isolated          Fa0/5

SW1#sh vlan id 1012

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1012 VLAN1012                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1012 enet  101012     1500  -      -      -        -    -        0      0   

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1012      community         Fa0/1

SW1#sh vlan id 1034

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1034 VLAN1034                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1034 enet  101034     1500  -      -      -        -    -        0      0   

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1034      community         Fa0/3

SW2#sh vlan id 1000

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1000 VLAN1000                         active    Fa0/13

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1000 enet  101000     1500  -      -      -        -    -        0      0   

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
1000    1012      community         Fa0/2, Fa0/6
1000    1034      community         Fa0/4, Fa0/6
1000    1055      isolated          Fa0/6

R1#bp                                

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.2, 4 ms
Reply to request 0 from 10.0.0.6, 4 ms

R2#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.1, 1 ms
Reply to request 0 from 10.0.0.6, 1 ms

R3#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.6, 4 ms
Reply to request 0 from 10.0.0.4, 4 ms

R4#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.6, 4 ms
Reply to request 0 from 10.0.0.3, 4 ms

R5#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.6, 4 ms

R6#bp

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 255.255.255.255, timeout is 1 seconds:

Reply to request 0 from 10.0.0.2, 1 ms
Reply to request 0 from 10.0.0.5, 4 ms
Reply to request 0 from 10.0.0.3, 4 ms
Reply to request 0 from 10.0.0.4, 4 ms
Reply to request 0 from 10.0.0.1, 1 ms
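
The isolation rules this lab verifies, as an added Python example (not part of the original post): it models host and promiscuous ports and compares the replies it predicts with the bp output above. The host-to-port mapping (10.0.0.1 on SW1 Fa0/1 through 10.0.0.6 on SW2 Fa0/6) is assumed from the addresses in the output, and the function names are illustrative.

```python
# Added example: private-VLAN forwarding model checked against the bp replies.
# Assumption: 10.0.0.N is the router on port Fa0/N (10.0.0.6 is promiscuous).
SECONDARY_TYPE = {1012: "community", 1034: "community", 1055: "isolated"}

# host IP -> (port mode, secondary VLANs associated or mapped on that port)
PORTS = {
    "10.0.0.1": ("host", {1012}),                     # SW1 Fa0/1
    "10.0.0.2": ("host", {1012}),                     # SW2 Fa0/2
    "10.0.0.3": ("host", {1034}),                     # SW1 Fa0/3
    "10.0.0.4": ("host", {1034}),                     # SW2 Fa0/4
    "10.0.0.5": ("host", {1055}),                     # SW1 Fa0/5
    "10.0.0.6": ("promiscuous", {1012, 1034, 1055}),  # SW2 Fa0/6
}

def forwards(src, dst):
    """One-way check: does a frame entering at src's port leave at dst's port?"""
    if src == dst:
        return False
    smode, svlans = PORTS[src]
    dmode, dvlans = PORTS[dst]
    if smode == "promiscuous":
        # Sent on the primary VLAN: reaches every secondary the port is mapped to.
        return dmode == "promiscuous" or bool(svlans & dvlans)
    (svlan,) = svlans  # a host port is associated with exactly one secondary
    if dmode == "promiscuous":
        return svlan in dvlans
    # Host to host: only inside the same community VLAN, never inside isolated.
    return SECONDARY_TYPE[svlan] == "community" and svlan in dvlans

def expected_replies(src):
    """Hosts that should answer src's ping (needs forwarding in both directions)."""
    return sorted(d for d in PORTS if forwards(src, d) and forwards(d, src))

def audit(observed):
    """Return {host: (unexpected, missing)} wherever replies differ from the model."""
    findings = {}
    for src, seen in observed.items():
        want, got = set(expected_replies(src)), set(seen)
        if got != want:
            findings[src] = (sorted(got - want), sorted(want - got))
    return findings

# Replies copied from the bp output above.
OBSERVED = {
    "10.0.0.1": ["10.0.0.2", "10.0.0.6"],
    "10.0.0.2": ["10.0.0.1", "10.0.0.6"],
    "10.0.0.3": ["10.0.0.6", "10.0.0.4"],
    "10.0.0.4": ["10.0.0.6", "10.0.0.3"],
    "10.0.0.5": ["10.0.0.6"],
    "10.0.0.6": ["10.0.0.2", "10.0.0.5", "10.0.0.3", "10.0.0.4", "10.0.0.1"],
}

if __name__ == "__main__":
    print(audit(OBSERVED) or "observed replies match the PVLAN model")
```

An entry under "unexpected" in the audit result means a host answered across a boundary the private VLAN should enforce, which is the case worth investigating first.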