Private VLANs


A quick post on how to configure private VLANs on a switch.


In private VLANs we pair a primary VLAN with a secondary VLAN. Primary VLANs are ordinary VLANs. Secondary VLANs use the same VLAN ID range and are defined in the same way as primary VLANs, but they operate in one of two modes:

•Isolated – Hosts in this VLAN cannot communicate with each other or with host ports in any other private VLAN.

•Community – Hosts in this VLAN attached to community ports can communicate with each other, but not with host ports in other private VLANs.

An access port assigned to a private VLAN operates in one of two modes:

•Host – The port inherits its behavior from the type of private VLAN it is assigned to.

•Promiscuous – The port can communicate with any other private VLAN port in the same primary VLAN.

Private_Vlan_Switch#conf t
Private_Vlan_Switch(config)#vtp mode transparent
Private_Vlan_Switch(config)#vlan 200
Private_Vlan_Switch(config-vlan)#private-vlan primary

Private_Vlan_Switch(config)#vlan 205
Private_Vlan_Switch(config-vlan)#private-vlan community

Private_Vlan_Switch(config)#vlan 210
Private_Vlan_Switch(config-vlan)#private-vlan isolated

Private_Vlan_Switch(config)#vlan 200
Private_Vlan_Switch(config-vlan)#private-vlan association 205,210

Private_Vlan_Switch(config)#int fa0/1
Private_Vlan_Switch(config-if)#switchport mode private-vlan host
Private_Vlan_Switch(config-if)#switchport private-vlan host-association 200 205

Private_Vlan_Switch(config)#int fa2/0
Private_Vlan_Switch(config-if)#switchport mode private-vlan host
Private_Vlan_Switch(config-if)#switchport private-vlan host-association 200 205

Private_Vlan_Switch(config)#int fa3/0
Private_Vlan_Switch(config-if)#switchport mode private-vlan host
Private_Vlan_Switch(config-if)#switchport private-vlan host-association 200 210

Private_Vlan_Switch(config)#int fa0/0
Private_Vlan_Switch(config-if)#switchport mode private-vlan promiscuous
Private_Vlan_Switch(config-if)#switchport private-vlan mapping 200 205,210

Private_Vlan_Switch#show vlan private-vlan
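
To check that a configuration like the one above gives the isolation you expect, here is an added Python example (not from the original post) that parses a running-config excerpt and computes which port pairs can exchange frames at layer 2 under the rules described earlier. The excerpt is constructed to mirror the VLANs and ports above; the expanded FastEthernet names and the running-config layout are assumptions.

```python
# Constructed running-config excerpt mirroring the VLANs and ports configured above.
CONFIG = """\
vlan 200
 private-vlan primary
 private-vlan association 205,210
vlan 205
 private-vlan community
vlan 210
 private-vlan isolated
interface FastEthernet0/1
 switchport private-vlan host-association 200 205
interface FastEthernet2/0
 switchport private-vlan host-association 200 205
interface FastEthernet3/0
 switchport private-vlan host-association 200 210
interface FastEthernet0/0
 switchport private-vlan mapping 200 205,210
"""

def parse(config):
    """Return (vlan_type, ports); ports maps name -> (role, primary, secondary VLAN set)."""
    vlan_type, ports, ctx = {}, {}, []
    for line in config.splitlines():
        if not line.startswith(" "):
            ctx = line.split()  # section header, e.g. ["vlan", "205"]
            continue
        w = line.split()
        # "private-vlan <type>" has two tokens; the association line has three.
        if ctx[:1] == ["vlan"] and len(w) == 2 and w[0] == "private-vlan":
            vlan_type[int(ctx[1])] = w[1]
        elif ctx[:1] == ["interface"] and w[:2] == ["switchport", "private-vlan"]:
            if w[2:3] == ["host-association"]:
                ports[ctx[1]] = ("host", int(w[3]), {int(w[4])})
            elif w[2:3] == ["mapping"]:
                ports[ctx[1]] = ("promiscuous", int(w[3]), {int(v) for v in w[4].split(",")})
    return vlan_type, ports

def can_talk(a, b, vlan_type, ports):
    """Layer 2 reachability between two private VLAN ports."""
    (role_a, prim_a, sec_a), (role_b, prim_b, sec_b) = ports[a], ports[b]
    if prim_a != prim_b:
        return False
    if "promiscuous" in (role_a, role_b):
        # A promiscuous port reaches a host only if it maps that host's secondary VLAN.
        return role_a == role_b or bool(sec_a & sec_b)
    # Two host ports: only members of the same community VLAN reach each other.
    return sec_a == sec_b and vlan_type.get(next(iter(sec_a))) == "community"

def reachable(vlan_type, ports):
    """All unordered port pairs that can exchange frames."""
    return {(a, b) for a in ports for b in ports if a < b and can_talk(a, b, vlan_type, ports)}
```

Comparing the output of reachable() with the intended isolation policy catches mistakes such as a secondary VLAN left out of the promiscuous port's mapping.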

Just found this post on the INE webpage by Petr Lapukhov, http://blog.ine.com/2008/07/14/private-vlans-revisited/. After you've read and labbed it you can't go wrong with private VLANs, because in the end the concept is really simple and logical.

Enjoy!

Tom
