Private Vlan IntroDuction and Configuration

Private VLAN Configuration

Ø  Allow us to permit and deny the access from ports and we using one subnet for all Vlans

Ø  In Private Vlan we just create a Primary Vlan

Ø  and Primary Vlan we add different Sub Vlan

Ø  These Vlan is isolated with each other

Ø  One subnet for all Vlans

3 Different kind of Sub Vlan

ü  Promiscuous

ü  Isolated

ü  Community

Ø  Isolated:-  vlan that cannot communicate with any vlans else they only reach promiscuous(router) port to access the internet

Ø  Promiscuous:- it can be reach with in private vlan and internet

Ø  Community:-community port can reach other thing with their community. They are communicate with each other in a same Community and able to reach promiscuous port to get out the internet

Private-Vlan Configuration

Ø  Switch(config)#vtp mode transparent

ü  Private vlan only be configured on transparent mode

Firstly we will configure primary VLAN configuration

Ø  Switch(config)#vlan 100

Ø  Switch(config-vlan)#private-vlan primary              (our primay Vlans for association)

Ø  Switch(config-vlan)#exit

Ø  Switch(config)#vlan 110

Ø  Switch(config-vlan)#private-vlan community         communicating with same vlan 110 and internet

Ø  Switch(config-vlan)#exit

Ø  Switch(config)#vlan 120

Ø  Switch(config-vlan)#private-vlan isolated                 communicate with gateway as well as internet}

Ø  Switch(config-vlan)#exit

Ø  Switch(config)#vlan 130

Ø  Switch(config-vlan)#private-vlan community          communicating  with same vlan 130 and internet

Ø  Switch(config-vlan)#exit

Now Associate Sub Vlan to a Primary vlan

Ø  Switch(config)#vlan 100

Ø  Switch(config-vlan)#private-vlan association 110,120,130

Ø  Switch(config-vlan)#exit

Now Associate the Port to VLAN

Ø  Switch(config)#interface range fastethernet 1/0 -1

Ø  Switch(config-if-range)#description CONNECTED WITH PC1 AND PC2

Ø  Switch(config-if-range)#switchport mode private-vlan host              (connected with PC)       

Ø  Switch(config-if-range)#switchport private-vlan host-association 100 110                {First primary vlan then followed by secondary vlans 110}

Ø  Switch(config-if-range)#exit

Ø  Switch(config)#interface fastethernet 1/3

Ø  Switch(config-if)#description CONNECTED WITH PC4

Ø  Switch(config-if)#switchport mode private-vlan host        

Ø  Switch(config-if)#switchport private-vlan host-association 100 120                      {  {First primary vlan then followed by secondary vlans 120}

Ø  Switch(config-if)#exit

Ø  Switch(config)#interface fastethernet 1/2

Ø  Switch(config-if)#description CONNECTED WITH PC3

Ø  Switch(config-if)#switchport mode private-vlan host                   

Ø  Switch(config-if)#switchport private-vlan host-association 100 130                      {First primary vlan then followed by secondary vlans 130}

Ø  Switch(config-if)#exit

Now we will configure the Promiscuous Port  

Implementing The Private-Vlans Switch Port 

Ø  Switch(config)#interface ethernet 0/0

Ø  Switch(config-if)#description CONNECTED WITH ROUTER

Ø  Switch(config-if)#switchport mode private-vlan promiscuous       reach everywhere   

Ø  Switch(config-if)#switchport private-vlan mapping 100 110,120,130         {First primary vlan then followed by secondary vlans}

Ø  Switch(config-if)#exit

Ø  R1(config)#interface fastEthernet 0/0

Ø  R1(config-if)#description CONNECTED WITH SWITCH

Ø  R1(config-if)#ip address 192.168.2.1 255.255.255.0

Ø  R1(config-if)#no shut

Ø  R1(config-if)#exit

Now test using PC1 PC2 PC3 and PC4

Ping PC1 to PC2         :- Successfully

Ping PC2 PC1             :- Successfully

Ping PC1 to PC3       :- Denied

Ping PC2 to PC4       :- Denied

All PC can ping Default gateway      : - Successfully ping

Click Here To Download The PDF File