P. 1
Private VLANs

Private VLANs

|Views: 8|Likes:
Published by AlexShear
Computer Networks, Virtual private networks
Computer Networks, Virtual private networks

More info:

Published by: AlexShear on Mar 25, 2013
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

07/19/2014

pdf

text

original

Lab 16 - Private Vlans

R1

R2

E 0/0 E 0/0

SW1

E 0/0 R3

E 0/0 R4

Interface IP Address Configuration R1 Interface E 0/0 R2 Interface E 0/0 R3 Interface E 0/0 R4 Interface E 0/0 IP Address 150.1.60.4 Subnet Mask 255.255.255.0 IP Address 150.1.60.3 Subnet Mask 255.255.255.0 IP Address 150.1.60.2 Subnet Mask 255.255.255.0 IP Address 150.1.60.1 Subnet Mask 255.255.255.0

Page 55 of 92
Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: anderson@netmetric-solutions.com

PDF Created with deskPDF PDF Writer - Trial :: http://www.docudesk.com

Task 1 Configure VTP Transparent mode in SW1 and create the following configuration: Vlan 60 as Private-Vlan Primary (R1) Vlan 80 as Private-Vlan Community (R2 and R3) Vlan 100 as Private-Vlan Isolated (R4) Also configure the IP Address in the Routers stated in the diagram above. Interface on SW1 Fa0/1 Fa0/2 Fa0/3 Fa0/4 Private-vlan Mode Promiscuous Host Host Host Primary Vlan Vlan 60 Vlan 60 Vlan 60 Vlan 60 Secondary Vlans Vlan 80 and Vlan 100 Vlan 80 Vlan 80 Vlan 100

On SW1 ! Vtp mode transparent ! Vlan 60 Private-vlan primary ! Vlan 80 Private-vlan community ! Vlan 100 Private-vlan isolated ! Vlan 60 Private-vlan association add 80, 100 ! Interface Fastethernet0/1 Switchport mode private-vlan promisc Switchport private-vlan mapping 60 add 80 , 100 ! Interface Fastethernet0/2 Switchport mode private-vlan host Switchport private-vlan host-assoc 60 80 ! Interface Fastethernet0/3 Switchport mode private-vlan host Switchport private-vlan host-assoc 60 80 ! Interface Fastethernet0/4 Switchport mode private-vlan host Switchport private-vlan host-assoc 60 100
Page 56 of 92
Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: anderson@netmetric-solutions.com

PDF Created with deskPDF PDF Writer - Trial :: http://www.docudesk.com

Output of command: R2: ! R2 should be able to ping only R3 and R1 Ping 150.1.60.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 150.1.60.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Ping 150.1.60.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 150.1.60.3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R4: ! R4 should be able to ping only R1 Ping 150.1.60.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 150.1.60.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Explanation:

Private VLANs provide Layer 2 isolation between ports within the same private VLAN. There are three types of private VLAN ports: • Promiscuous—A promiscuous port can communicate with all interfaces, including the community and isolated ports within a private VLAN. • Isolated—An isolated port has complete Layer 2 separation from other ports within the same private VLAN except for the promiscuous port. Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports.
Page 57 of 92
Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: anderson@netmetric-solutions.com

PDF Created with deskPDF PDF Writer - Trial :: http://www.docudesk.com

• Community—Community ports communicate among themselves and with their promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other communities or isolated ports within their private VLAN. NOTE: Because trunks can support the VLANs carrying traffic between isolated, community, and promiscuous ports, isolated and community port traffic might enter or leave the switch through a trunk interface. Private VLAN ports are associated with a set of supporting VLANs that are used to create the private VLAN structure. A private VLAN uses VLANs three ways: • Primary VLAN—Carries traffic from promiscuous ports to isolated, community, and other promiscuous ports. • Isolated VLAN—Carries traffic from isolated ports to promiscuous ports.

• Community VLAN—Carries traffic between community ports and to promiscuous ports. You can configure multiple community VLANs in a private VLAN. NOTE: Isolated and community VLANs are both called secondary VLANs.

A promiscuous port can serve only one primary VLAN and can serve as many isolated or community VLANs as desired

Page 58 of 92
Copyrights Netmetric Solutions 2006-2010 Website: http://www.netmetric-solutions.com; Email: anderson@netmetric-solutions.com

PDF Created with deskPDF PDF Writer - Trial :: http://www.docudesk.com

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->