This document discusses private VLANs (pVLANs) which provide isolation between ports within the same network. It defines primary and secondary VLANs, with the primary being the high-level VLAN and secondary VLANs belonging to its subnet. Secondary VLANs include community and isolated types. The document provides examples of configuring a switch into transparent mode and defining primary/secondary VLANs and their associations. It also gives configurations for assigning ports to promiscuous, community, and isolated pVLANs.
CCNP SWITCH PORTABLE STUDY GUIDE & PRACTICE WORK BOOK
1. Anuj Kumar
ciscobulls@gmail.com
ANUJ KUMAR
email:- ciscobulls@gmail.com
anuj_dev007@yahoo.com
networkbulls.com
Private VLAN
Features:
A private VLAN provides isolation between ports within the same network.
It provides security and reduces the number of IP subnets.
pVLANs require VTP switches to be in transparent mode.
pVLANs can span multiple switches that support the pVLAN trunking feature.
Example: Service providers use pVLANs to deploy hosting services and network access where all devices reside in
the same subnet but only communicate with a default gateway, servers or another network.
A PRIVATE VLAN CONSISTS OF TWO TYPES OF VLAN.
1: Primary VLAN (the promiscuous VLAN is also called the primary VLAN)
It is called the high-level VLAN.
It can have many secondary VLANs.
Secondary VLANs belong to the same subnet as the primary VLAN.
2: Secondary VLAN
It is a child VLAN of the primary VLAN.
All end devices belong to a secondary VLAN.
TWO TYPES OF SECONDARY VLAN.
1: Community VLANs
These ports communicate with other ports in the same community and with promiscuous (primary VLAN) ports,
but not with ports in another community VLAN.
2: Isolated VLANs
These ports can only communicate with promiscuous ports.
Note: These ports cannot communicate with other ports in the same isolated VLAN.
Configuration of Private VLAN:
Configure the switch in VTP transparent mode
Switch(config)# vtp mode transparent
Configure Primary VLAN
Switch(config)# vlan 100
Switch(config-vlan)# private-vlan primary
Configure Secondary VLANs (two community, one isolated)
Switch(config)# vlan 200
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 300
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 400
Switch(config-vlan)# private-vlan isolated
Associate the secondary VLANs with the primary VLAN
Switch(config)# vlan 100
Switch(config-vlan)# private-vlan association 200,300,400
Configure access ports for promiscuous mode.
Switch(config)# interface range fa 0/7 - 8
Switch(config-if-range)# switchport mode private-vlan promiscuous
Switch(config-if-range)# switchport private-vlan mapping 100 200,300,400
Switch(config-if-range)# exit
Configure access ports for community-A pVLANs.
Switch(config)# interface range fa 0/1 - 2
Switch(config-if-range)# switchport mode private-vlan host
Switch(config-if-range)# switchport private-vlan host-association 100 200
Switch(config-if-range)# exit
Configure access ports for community-B pVLANs.
Switch(config)# interface range fa 0/3 - 4
Switch(config-if-range)# switchport mode private-vlan host
Switch(config-if-range)# switchport private-vlan host-association 100 300
Switch(config-if-range)# exit
Configure access ports for Isolated pVLANs.
Switch(config)# interface range fa 0/5 - 6
Switch(config-if-range)# switchport mode private-vlan host
Switch(config-if-range)# switchport private-vlan host-association 100 400
Switch(config-if-range)# exit
Verification commands:
Switch# show vlan private-vlan
Switch# show vlan private-vlan type
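Added example (not part of the original study guide): a Python check that parses a running-config-style excerpt of the setup above and applies the pVLAN forwarding rules to decide which port pairs may communicate. The config text is a constructed sample, and the abbreviated interface names and the function names parse and can_talk are assumptions.

```python
import re
# Constructed sample input: running-config-style form of the setup on this page
# (a subset of the fa0/1-8 ports, enough to cover every role combination).
CONFIG = """
vlan 100
 private-vlan primary
vlan 200
 private-vlan community
vlan 300
 private-vlan community
vlan 400
 private-vlan isolated
interface Fa0/1
 switchport private-vlan host-association 100 200
interface Fa0/2
 switchport private-vlan host-association 100 200
interface Fa0/3
 switchport private-vlan host-association 100 300
interface Fa0/5
 switchport private-vlan host-association 100 400
interface Fa0/6
 switchport private-vlan host-association 100 400
interface Fa0/7
 switchport private-vlan mapping 100 200,300,400
"""

def parse(config):
    """Return ({vlan: type}, {port: ('host', vlan) | ('promiscuous', {vlans})})."""
    vlan_type, ports, ctx = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"(vlan|interface) (\S+)", line):
            ctx = m.group(2)  # remember which vlan/interface block we are in
        elif m := re.match(r" private-vlan (primary|community|isolated)$", line):
            vlan_type[int(ctx)] = m.group(1)
        elif m := re.match(r" switchport private-vlan host-association \d+ (\d+)", line):
            ports[ctx] = ("host", int(m.group(1)))
        elif m := re.match(r" switchport private-vlan mapping \d+ ([\d,]+)", line):
            ports[ctx] = ("promiscuous", {int(v) for v in m.group(1).split(",")})
    return vlan_type, ports

def can_talk(a, b, vlan_type, ports):
    """Apply the pVLAN forwarding rules to two distinct ports."""
    (ra, va), (rb, vb) = ports[a], ports[b]
    if ra == "promiscuous" or rb == "promiscuous":
        # A promiscuous port reaches every secondary VLAN mapped to it.
        mapped, other = (va, vb) if ra == "promiscuous" else (vb, va)
        return ra == rb or other in mapped
    # Two host ports: only members of the same community VLAN may talk.
    return va == vb and vlan_type[va] == "community"
```

Comparing the result of can_talk for each port pair against the intended policy is a quick way to catch a port placed in the wrong secondary VLAN before the change is applied.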