Private VLAN Cisco IOS

From Teknologisk videncenter

Promiscuous

A promiscuous port belongs to the primary VLAN and can communicate with all mapped ports in the primary VLAN, including community and isolated ports. There can be multiple promiscuous ports in a primary VLAN.

Isolated

An isolated port is a host port that belongs to an isolated secondary VLAN. An isolated port is completely isolated from other ports, except for its associated promiscuous ports. You can have more than one isolated port in a specified isolated VLAN.

Community

A community port is a host port that belongs to a community secondary VLAN. Community ports communicate with other ports in the same community VLAN and with associated promiscuous ports. They are isolated from all ports in other community VLANs and all isolated ports.

Example

! Prerequisite: VTP versions 1 and 2 support private VLANs only in transparent mode
!
! Secondary VLANs
vlan 101
 private-vlan isolated
!
vlan 102
 private-vlan community
!
! Primary VLAN, associated with both secondary VLANs
vlan 100
 private-vlan primary
 private-vlan association 101,102
!

! Promiscuous port towards the router, mapped to both secondary VLANs
interface GigabitEthernet 0/1
 description Interface-to-router
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 add 101,102
!
! Host ports in the isolated VLAN (syntax: host-association <primary> <secondary>)
interface range GigabitEthernet 0/2 - 3
 description End-users-in-Isolated-PVLAN
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Host ports in the community VLAN
interface range GigabitEthernet 0/4 - 5
 description End-users-in-Community-PVLAN
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
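
The port-type rules above can be checked against a configuration before it is applied. The following Python is an added example, not part of the original page or of any Cisco tooling: it parses a constructed copy of the example configuration and reports whether two ports can reach each other at Layer 2. The names `CONFIG`, `parse` and `can_talk` are hypothetical.

```python
import re

# Constructed sample: this page's example with the command syntax normalised.
CONFIG = """\
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 101,102
interface GigabitEthernet 0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 add 101,102
interface range GigabitEthernet 0/2 - 3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface range GigabitEthernet 0/4 - 5
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
"""

def parse(config):
    """Return ({vlan_id: type}, {port: (role, primary, {secondary, ...})})."""
    vlans, ports, vlan, current = {}, {}, None, []
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m[1])
        elif m := re.fullmatch(r"private-vlan (isolated|community|primary)", line):
            vlans[vlan] = m[1]
        elif m := re.fullmatch(r"interface (?:range )?([A-Za-z]+) ?([\d/]*/)(\d+)(?: - (\d+))?", line):
            current = [f"{m[1]}{m[2]}{n}" for n in range(int(m[3]), int(m[4] or m[3]) + 1)]
        elif m := re.fullmatch(r"switchport private-vlan (mapping|host-association) (\d+) (?:add )?([\d,]+)", line):
            role = "promiscuous" if m[1] == "mapping" else "host"
            for port in current:
                ports[port] = (role, int(m[2]), {int(v) for v in m[3].split(",")})
    return vlans, ports

def can_talk(vlans, ports, a, b):
    """Layer 2 reachability between ports a and b under the three port-type rules."""
    (role_a, prim_a, sec_a), (role_b, prim_b, sec_b) = ports[a], ports[b]
    if prim_a != prim_b:
        return False
    if "promiscuous" in (role_a, role_b):
        # promiscuous <-> promiscuous always; otherwise the host's secondary must be mapped
        return role_a == role_b or bool(sec_a & sec_b)
    # host <-> host: only inside the same community VLAN, never in an isolated one
    return sec_a == sec_b and all(vlans.get(v) == "community" for v in sec_a)
```

With the sample above, ports 0/2 and 0/3 cannot reach each other, ports 0/4 and 0/5 can, and every host port can reach 0/1.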


Links