Network Requirements
- PC1 and PC2 belong to secondary VLAN2, PC3 and PC4 belong to secondary VLAN3, and Server belongs to primary VLAN4.
- PVLAN is configured on Device. Then, interconnection is allowed within secondary VLAN 2, isolation is implemented within secondary VLAN3, secondary VLAN2 and secondary VLAN3 are isolated from each other, and secondary VLAN2 and secondary VLAN3 can interconnect with primary VLAN4.
Network Topology
Figure 6-1 Networking for Configuring a PVLAN
Configuration Steps
Step 1: Configure VLANs on Device.
#On Device, create VLAN2-VLAN4.
|
Device#configure terminal
Device(config)#vlan 2-4
|
Step 2: On Device, configure the PVLAN function.
#On Device, configure VLAN4 to primary VLAN, configure VLAN2 to community VLAN, and configure VLAN3 to isolated VLAN.
|
Device(config)#vlan 4
Device(config-vlan4)#private-vlan primary
Device(config-vlan4)#vlan 2
Device(config-vlan2)#private-vlan community
Device(config-vlan2)#vlan 3
Device(config-vlan3)#private-vlan isolated
Device(config-vlan3)#exit
|
#On Device, associate primary VLAN4 with community VLAN2 and isolated VLAN3.
|
Device(config)#vlan 4
Device(config-vlan4)#private-vlan association add 2,3
Device(config-vlan4)#exit
|
#On Device, configure the link type of ports gigabitethernet0/1 and gigabitethernet0/2 to Host, and add the ports into secondary VLAN2.
|
Device(config)#interface gigabitethernet 0/1-0/2
Device(config-if-range)#switchport mode private-vlan host
Device(config-if-range)#private-vlan host 2
Device(config-if-range)#exit
|
#On Device, configure the link type of ports gigabitethernet0/3 and gigabitethernet0/4 to Host, and add the ports into secondary VLAN3.
|
Device(config)#interface gigabitethernet 0/3-0/4
Device(config-if-range)#switchport mode private-vlan host
Device(config-if-range)#private-vlan host 3
Device(config-if-range)#exit
|
#On Device, configure the link type of port gigabitethernet0/5 to Promiscuous, and add the ports into primary VLAN4.
|
Device(config)#interface gigabitethernet 0/5
Device(config-if-gigabitethernet0/5)#switchport mode private-vlan promiscuous
Device(config-if-gigabitethernet0/5)#private-vlan promiscuous 4
Device(config-if-gigabitethernet0/5)#exit
|
Step 3: Check the result.
#Query the PVLAN information on Device.
Device#show private-vlan
--- -------- ---------------- ------------------ ----------------------------- -----------------------
NO. Primary Secondary Type Interface(Primary) Interface(Secondary)
--- -------- ---------------- ------------------ ----------------------------- -----------------------
1 4 3 isolated gi0/5 gi0/3 gi0/4
2 4 2 community gi0/5 gi0/1 gi0/2
#PC1 and PC2 in community VLAN2 can ping each other successfully.
#PC3 and PC4 in isolated VLAN3 can ping each other successfully.
#PC1 and PC2 in community VLAN2 and PC3 and PC4 in isolated VLAN3 cannot ping each other.
#PC1 and PC2 in community VLAN2 can ping Server successfully.
#PC3 and PC4 in isolated VLAN3 can ping Server successfully.
Switch
.png){kind=icon}
.png){kind=logo}
.jpg)
.png){kind=logo}
