Private VLAN Configuration
- Private VLANs allow us to permit and deny access between ports while using one subnet for all VLANs
- In a private VLAN we just create a primary VLAN
- and to the primary VLAN we add different sub-VLANs
- These VLANs are isolated from each other
- One subnet for all VLANs
3 different kinds of sub-VLAN:
- Promiscuous
- Isolated
- Community
- Isolated: a VLAN that cannot communicate with any other VLAN; its ports can only reach the promiscuous (router) port to access the internet
- Promiscuous: reachable within the private VLAN and the internet
- Community: a community port can reach other ports within its own community. Ports in the same community communicate with each other and can reach the promiscuous port to get out to the internet
Private-VLAN Configuration
Switch(config)#vtp mode transparent
(private VLANs can only be configured in transparent mode)
First we will configure the primary VLAN and the sub-VLANs
Switch(config)#vlan 100
Switch(config-vlan)#private-vlan primary (our primary VLAN for the association)
Switch(config-vlan)#exit
Switch(config)#vlan 110
Switch(config-vlan)#private-vlan community (communicates within the same VLAN 110 and with the internet)
Switch(config-vlan)#exit
Switch(config)#vlan 120
Switch(config-vlan)#private-vlan isolated (communicates with the gateway as well as the internet)
Switch(config-vlan)#exit
Switch(config)#vlan 130
Switch(config-vlan)#private-vlan community (communicates within the same VLAN 130 and with the internet)
Switch(config-vlan)#exit
Now associate the sub-VLANs to the primary VLAN
Switch(config)#vlan 100
Switch(config-vlan)#private-vlan association 110,120,130
Switch(config-vlan)#exit
Now associate the ports to the VLANs
Switch(config)#interface range fastethernet 1/0 - 1
Switch(config-if-range)#description CONNECTED WITH PC1 AND PC2
Switch(config-if-range)#switchport mode private-vlan host (connected with PC)
Switch(config-if-range)#switchport private-vlan host-association 100 110 (first the primary VLAN, then the secondary VLAN 110)
Switch(config-if-range)#exit
Switch(config)#interface fastethernet 1/3
Switch(config-if)#description CONNECTED WITH PC4
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 120 (first the primary VLAN, then the secondary VLAN 120)
Switch(config-if)#exit
Switch(config)#interface fastethernet 1/2
Switch(config-if)#description CONNECTED WITH PC3
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 130 (first the primary VLAN, then the secondary VLAN 130)
Switch(config-if)#exit
Now we will configure the promiscuous port
Implementing the private-VLAN switch port
Switch(config)#interface ethernet 0/0
Switch(config-if)#description CONNECTED WITH ROUTER
Switch(config-if)#switchport mode private-vlan promiscuous (can reach everywhere)
Switch(config-if)#switchport private-vlan mapping 100 110,120,130 (first the primary VLAN, then the secondary VLANs)
Switch(config-if)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if)#description CONNECTED WITH SWITCH
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
Now test using PC1, PC2, PC3 and PC4
Ping PC1 to PC2: Successful
Ping PC2 to PC1: Successful
Ping PC1 to PC3: Denied
Ping PC2 to PC4: Denied
All PCs can ping the default gateway: Successful
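
The ping results above can be checked against the configuration itself. The Python below is an added example, not part of the original post: it parses the walkthrough's switch commands and computes which ports can talk at layer 2. It assumes PC1 and PC2 sit on fastethernet 1/0 and 1/1, PC3 on 1/2, PC4 on 1/3 and the router on ethernet 0/0; the names parse and can_reach are illustrative.

```python
# Constructed input: the walkthrough's switch commands, prompts removed.
CONFIG = """
vlan 100
 private-vlan primary
 private-vlan association 110,120,130
vlan 110
 private-vlan community
vlan 120
 private-vlan isolated
vlan 130
 private-vlan community
interface fastethernet 1/0
 switchport private-vlan host-association 100 110
interface fastethernet 1/1
 switchport private-vlan host-association 100 110
interface fastethernet 1/2
 switchport private-vlan host-association 100 130
interface fastethernet 1/3
 switchport private-vlan host-association 100 120
interface ethernet 0/0
 switchport private-vlan mapping 100 110,120,130
"""

def parse(config):
    # vlan_types: vlan id -> type; ports: name -> (role, primary, secondary set)
    vlan_types, ports, ctx = {}, {}, None
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[0] in ("vlan", "interface"):
            ctx = " ".join(w[1:])
        elif w[0] == "private-vlan" and w[1] in ("primary", "community", "isolated"):
            vlan_types[int(ctx)] = w[1]
        elif w[:3] == ["switchport", "private-vlan", "host-association"]:
            ports[ctx] = ("host", int(w[3]), {int(w[4])})
        elif w[:3] == ["switchport", "private-vlan", "mapping"]:
            ports[ctx] = ("promiscuous", int(w[3]), {int(v) for v in w[4].split(",")})
    return vlan_types, ports

def can_reach(a, b, vlan_types, ports):
    # Layer-2 reachability between two ports under private-VLAN rules.
    (ra, pa, sa), (rb, pb, sb) = ports[a], ports[b]
    if pa != pb:
        return False
    if "promiscuous" in (ra, rb):
        host, mapped = (sb, sa) if ra == "promiscuous" else (sa, sb)
        return host <= mapped  # host's secondary VLAN must be mapped on the uplink
    # Two host ports talk only inside the same community VLAN.
    return sa == sb and vlan_types.get(min(sa)) == "community"

VLAN_TYPES, PORTS = parse(CONFIG)
```

Dropping a secondary VLAN from the mapping line makes can_reach return False for that VLAN's hosts towards the router port, which is a quick way to spot a host port that has been cut off from its gateway.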