Private VLAN Configuration
- Private VLANs allow us to permit and deny access between ports while using one subnet for all VLANs.
- In a private VLAN we just create a primary VLAN,
- and to the primary VLAN we add different sub VLANs.
- These sub VLANs are isolated from each other.
- One subnet is used for all VLANs.
3 different kinds of sub VLAN:
- Promiscuous
- Isolated
- Community
- Isolated: a VLAN that cannot communicate with any other VLANs; its ports can only reach the promiscuous (router) port to access the internet.
- Promiscuous: it can be reached from within the private VLAN and from the internet.
- Community: a community port can reach other ports within its community. Ports in the same community communicate with each other and are able to reach the promiscuous port to get out to the internet.
Private-VLAN Configuration
Switch(config)#vtp mode transparent
- Private VLANs can only be configured in transparent mode.
First we will configure the primary VLAN, then the sub VLANs
Switch(config)#vlan 100
Switch(config-vlan)#private-vlan primary    (our primary VLAN for association)
Switch(config-vlan)#exit
Switch(config)#vlan 110
Switch(config-vlan)#private-vlan community    (communicates within the same VLAN 110 and with the internet)
Switch(config-vlan)#exit
Switch(config)#vlan 120
Switch(config-vlan)#private-vlan isolated    (communicates with the gateway as well as the internet)
Switch(config-vlan)#exit
Switch(config)#vlan 130
Switch(config-vlan)#private-vlan community    (communicates within the same VLAN 130 and with the internet)
Switch(config-vlan)#exit
Now associate the sub VLANs with the primary VLAN
Switch(config)#vlan 100
Switch(config-vlan)#private-vlan association 110,120,130
Switch(config-vlan)#exit
Now associate the ports with the VLANs
Switch(config)#interface range fastethernet 1/0 - 1
Switch(config-if-range)#description CONNECTED WITH PC1 AND PC2
Switch(config-if-range)#switchport mode private-vlan host    (connected with a PC)
Switch(config-if-range)#switchport private-vlan host-association 100 110    (first the primary VLAN, then the secondary VLAN 110)
Switch(config-if-range)#exit
Switch(config)#interface fastethernet 1/3
Switch(config-if)#description CONNECTED WITH PC4
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 120    (first the primary VLAN, then the secondary VLAN 120)
Switch(config-if)#exit
Switch(config)#interface fastethernet 1/2
Switch(config-if)#description CONNECTED WITH PC3
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 130    (first the primary VLAN, then the secondary VLAN 130)
Switch(config-if)#exit
Now we will configure the promiscuous port
Implementing the Private-VLAN Switch Port
Switch(config)#interface ethernet 0/0
Switch(config-if)#description CONNECTED WITH ROUTER
Switch(config-if)#switchport mode private-vlan promiscuous    (reaches everywhere)
Switch(config-if)#switchport private-vlan mapping 100 110,120,130    (first the primary VLAN, then the secondary VLANs)
Switch(config-if)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if)#description CONNECTED WITH SWITCH
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
Now test using PC1, PC2, PC3 and PC4
Ping PC1 to PC2: Successful
Ping PC2 to PC1: Successful
Ping PC1 to PC3: Denied
Ping PC2 to PC4: Denied
All PCs can ping the default gateway: Successful
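The ping results above follow directly from the port roles, and the same check can be run against a switch configuration before deployment. This is an added example, not part of the original article: the running-config text is constructed from the commands in this walkthrough, and the function names parse and can_talk are hypothetical.

```python
# Constructed sample: the switch commands from this walkthrough in running-config form.
CONFIG = """\
vlan 100
 private-vlan primary
 private-vlan association 110,120,130
vlan 110
 private-vlan community
vlan 120
 private-vlan isolated
vlan 130
 private-vlan community
interface FastEthernet1/0
 switchport mode private-vlan host
 switchport private-vlan host-association 100 110
interface FastEthernet1/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 110
interface FastEthernet1/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 130
interface FastEthernet1/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 120
interface Ethernet0/0
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 110,120,130
"""

def parse(config):
    """Return (vlan id -> PVLAN type, interface -> (role, set of secondary VLANs))."""
    vlan_types, ports, section = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):
            section = words  # start of a new "vlan N" or "interface X" block
        elif section[0] == "vlan" and words[0] == "private-vlan" and words[1] != "association":
            vlan_types[int(section[1])] = words[1]
        elif words[:3] == ["switchport", "private-vlan", "host-association"]:
            ports[section[1]] = ("host", {int(words[4])})
        elif words[:3] == ["switchport", "private-vlan", "mapping"]:
            ports[section[1]] = ("promiscuous", {int(v) for v in words[4].split(",")})
    return vlan_types, ports

def can_talk(a, b, vlan_types, ports):
    """Layer-2 reachability between two ports under the PVLAN rules described above."""
    (role_a, vl_a), (role_b, vl_b) = ports[a], ports[b]
    if "promiscuous" in (role_a, role_b):
        return bool(vl_a & vl_b)  # a promiscuous port reaches every secondary VLAN it maps
    # Two host ports: only members of the same community VLAN can talk; isolated never.
    return vl_a == vl_b and vlan_types[min(vl_a)] == "community"
```

Calling can_talk for every pair of interfaces gives the full reachability matrix, which is a quick way to confirm that a host placed in the wrong secondary VLAN has not gained access to its neighbours.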