A private VLAN (PVLAN) has three kinds of ports:
- Promiscuous port - can communicate with all ports in the PVLAN, including isolated and community ports
- Isolated port - cannot communicate with any other host in the PVLAN; it can reach only promiscuous ports
- Community port - can communicate with hosts in the same community PVLAN and with promiscuous ports, but not with hosts in other PVLANs
Configuration Example
Configure VLAN 100 as a primary, VLAN 101 as an isolated VLAN, and VLAN 102 as a community VLAN.
**Note**
Private VLANs can only be configured when VTP is in transparent mode.
```
vtp mode transparent
vlan 100
 private-vlan primary
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
```
Associate each secondary VLAN with the primary VLAN
```
vlan 100
 private-vlan association 101-102
```
Assign private VLANs to ports
```
! Assign f0/2 as a host port in sub VLAN 101 (isolated)
interface f0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
! Assign f0/3 as a host port in sub VLAN 102 (community)
interface f0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
! Assign f0/1 (uplink port to the router) as a promiscuous port
interface f0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101-102
```
Verify Configuration
```
Switch#sh vlan private-vlan

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     101       isolated          Fa0/1, Fa0/2
100     102       community         Fa0/1, Fa0/3

Switch#sh int status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        notconnect   100          auto   auto 10/100BaseTX
Fa0/2                        notconnect   100,101      auto   auto 10/100BaseTX
Fa0/3                        notconnect   100,102      auto   auto 10/100BaseTX
Fa0/4                        notconnect   1            auto   auto 10/100BaseTX
Fa0/5                        notconnect   1            auto   auto 10/100BaseTX
```
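To audit which ports the configuration above actually lets talk to each other, the following Python sketch (an added example, not part of the original post) parses the PVLAN statements and applies the three port-type rules. The function names `expand`, `parse` and `can_talk` are hypothetical, and the extra host port f0/4 is constructed. It assumes a single switch and models layer 2 reachability only, ignoring trunks and traffic routed back through the promiscuous uplink.

```python
# Config from the page plus a constructed second isolated host port, f0/4.
CONFIG = """\
vlan 100
 private-vlan primary
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
interface f0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101-102
interface f0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface f0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
interface f0/4
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
"""

def expand(spec):
    """Expand an IOS VLAN list such as '101-102,105' into a set of ints."""
    bounds = (part.split("-") for part in spec.split(","))
    return {v for b in bounds for v in range(int(b[0]), int(b[-1]) + 1)}

def parse(config):
    """Return ({vlan: type}, {port: (role, primary, secondaries)})."""
    vlan_type, ports, name = {}, {}, None
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[0] in ("vlan", "interface"):
            name = w[1]  # remember which vlan/interface block we are in
        elif w[0] == "private-vlan" and w[1] in ("primary", "isolated", "community"):
            vlan_type[int(name)] = w[1]
        elif w[:3] == ["switchport", "private-vlan", "host-association"]:
            ports[name] = ("host", int(w[3]), {int(w[4])})
        elif w[:3] == ["switchport", "private-vlan", "mapping"]:
            ports[name] = ("promiscuous", int(w[3]), expand(w[4]))
    return vlan_type, ports

def can_talk(a, b, vlan_type, ports):
    """Apply the promiscuous/isolated/community rules to two ports."""
    (ra, pa, sa), (rb, pb, sb) = ports[a], ports[b]
    if pa != pb:
        return False  # different primary VLANs never share a PVLAN domain
    if "promiscuous" in (ra, rb):
        return ra == rb or bool(sa & sb)  # host's secondary must be mapped
    return sa == sb and vlan_type.get(min(sa)) == "community"
```

A promiscuous mapping that omits a secondary VLAN (for example `mapping 100 101`) shows up here as community hosts losing reachability to the uplink, which is a common cause of hosts in one sub VLAN being unable to reach the router.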