Difference between revisions of "Private VLAN Cisco IOS"
From Teknologisk videncenter
m (Created page with "==Links== *[http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/54sg/configuration/guide/config/pvlans.html#wp1167271 Cisco - Configuring Private VLANs] *[https:/...") |
m |
||
Line 1: | Line 1: | ||
+ | ==Promiscuous== | ||
+ | A promiscuous port belongs to the primary VLAN and can communicate with all mapped ports in the primary VLAN, including community and isolated ports. | ||
+ | There can be multiple promiscuous ports in a primary VLAN. | ||
+ | ==Isolated== | ||
+ | An isolated port is a host port that belongs to an isolated secondary VLAN. | ||
+ | An isolated port has complete isolation from other ports, except with associated promiscuous ports. | ||
+ | You can have more than one isolated port in a specified isolated VLAN. | ||
+ | ==Community== | ||
+ | A community port is a host port that belongs to a community secondary VLAN. | ||
+ | Community ports communicate with other ports in the same community VLAN and with associated promiscuous ports. | ||
+ | They are isolated from all ports in other community VLANs and all isolated ports. | ||
+ | ==Example== | ||
+ | <source lang=cli> | ||
+ | vlan 101 | ||
+ | private-vlan isolated | ||
+ | ! | ||
+ | vlan 102 | ||
+ | private-vlan community | ||
+ | vlan 100 | ||
+ | private-vlan primary | ||
+ | private-vlan association 101, 102 | ||
+ | ! | ||
+ | |||
+ | Interface GigabitEthernet 0/1 | ||
+ | switchport description Interface-to-router | ||
+ | switchport mode private-vlan promiscuous | ||
+ | swtichport private-vlan mapping 100 add 101, 102 | ||
+ | ! | ||
+ | Interface range GigabitEthernet 0/2 - 3 | ||
+ | switchport description End-users-in-Isolated-PVLAN | ||
+ | switchport mode private-vlan host | ||
+ | swtichport private-vlan host-association 100, 101 | ||
+ | ! | ||
+ | Interface range GigabitEthernet 0/4 - 5 | ||
+ | switchport description End-users-in-Community-PVLAN | ||
+ | switchport mode private-vlan host | ||
+ | swtichport private-vlan host-association 100, 102 | ||
+ | </source> | ||
+ | |||
+ | |||
==Links== | ==Links== | ||
*[http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/54sg/configuration/guide/config/pvlans.html#wp1167271 Cisco - Configuring Private VLANs] | *[http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/54sg/configuration/guide/config/pvlans.html#wp1167271 Cisco - Configuring Private VLANs] | ||
*[https://supportforums.cisco.com/discussion/10972121/private-vlan-trunking-question - Cisco Discussion on Private VLAN] | *[https://supportforums.cisco.com/discussion/10972121/private-vlan-trunking-question - Cisco Discussion on Private VLAN] | ||
*[http://blog.ine.com/tag/private-vlan/ Private VLAN tagging] | *[http://blog.ine.com/tag/private-vlan/ Private VLAN tagging] |
Latest revision as of 07:31, 12 December 2017
Contents
Promiscuous
A promiscuous port belongs to the primary VLAN and can communicate with all mapped ports in the primary VLAN, including community and isolated ports. There can be multiple promiscuous ports in a primary VLAN.
Isolated
An isolated port is a host port that belongs to an isolated secondary VLAN. An isolated port has complete isolation from other ports, except with associated promiscuous ports. You can have more than one isolated port in a specified isolated VLAN.
Community
A community port is a host port that belongs to a community secondary VLAN. Community ports communicate with other ports in the same community VLAN and with associated promiscuous ports. They are isolated from all ports in other community VLANs and all isolated ports.
Example
vlan 101
private-vlan isolated
!
vlan 102
private-vlan community
vlan 100
private-vlan primary
private-vlan association 101, 102
!
Interface GigabitEthernet 0/1
switchport description Interface-to-router
switchport mode private-vlan promiscuous
swtichport private-vlan mapping 100 add 101, 102
!
Interface range GigabitEthernet 0/2 - 3
switchport description End-users-in-Isolated-PVLAN
switchport mode private-vlan host
swtichport private-vlan host-association 100, 101
!
Interface range GigabitEthernet 0/4 - 5
switchport description End-users-in-Community-PVLAN
switchport mode private-vlan host
swtichport private-vlan host-association 100, 102