
Using a Private VLAN to Deploy Independent VLANs to Access the Internet

Application Scenario
The customer has an 8-storey building and wants a topology that meets the
following conditions:
1. The switches on each floor cannot communicate with each other,
but they can access the Internet via the core switch.
2. Clients on different floors cannot communicate with each other.
For instance, Client A on Floor 8 cannot communicate with Client B on Floor 1,
but both Client A and Client B can access the Internet via the core switch.
We use the Private VLAN feature to meet these requirements.

Network Topology
- Take Floor 1 and Floor 8 as an example.

[Figure: network topology for Floor 8 and Floor 1, with clients A, B, C and D]

- Create an Isolated VLAN100 for the clients (A, B, C, D) on each GS3700-24 on
Floor 1 and Floor 8 so that clients under each GS3700-24 cannot communicate with
each other.
- Create a Primary VLAN123 on each GS3700-24 on Floor 1 and Floor 8 to
access the core switch.
- On the core switch (XGS3700-24), Private VLAN must also be enabled so that
the GS3700-24 switches cannot communicate with each other.
VLAN123 on each GS3700-24 corresponds to the Isolated VLAN123 on the
XGS3700-24, so we create Isolated VLAN123 on the XGS3700-24.
- Finally, create a Primary VLAN200 on the XGS3700-24 to allow the clients
on every floor to access the Internet.

Network Conditions
From model name         From port number   To model name   To port number
GS3700-24 on Floor 8    2                  PC A            N/A
GS3700-24 on Floor 8    3                  PC B            N/A
GS3700-24 on Floor 8    24                 XGS3700-24      20
GS3700-24 on Floor 1    2                  PC A            N/A
GS3700-24 on Floor 1    3                  PC B            N/A
GS3700-24 on Floor 1    24                 XGS3700-24      21
XGS3700-24              24                 DHCP server     N/A

Configuration via Web GUI

* GS3700-24 on Floor 8
1. Configure an IP address on VLAN1 for the GS3700-24.
2. Configure VLAN1 with ports 2, 3 and 24 as normal ports.
3. Create VLAN100 as an Isolated VLAN with fixed ports 2 and 3; packets are untagged.
4. Configure PVID=100 for port 2 and port 3.
5. Create VLAN123 as a Primary VLAN with fixed port 24; packets are tagged.

* GS3700-24 on Floor 1
1. Configure an IP address on VLAN1 for the GS3700-24.
2. Configure VLAN1 with ports 2, 3 and 24 as normal ports.
3. Create VLAN100 as an Isolated VLAN with fixed ports 2 and 3; packets are untagged.
4. Configure PVID=100 for port 2 and port 3.
5. Create VLAN123 as a Primary VLAN with fixed port 24; packets are tagged.

* XGS3700-24 (Core switch)
1. Configure an IP address on VLAN1 for the XGS3700-24.
2. Configure VLAN1 with ports 20, 21 and 24 as normal ports.
3. Create VLAN123 as an Isolated VLAN with fixed ports 20 and 21; packets are tagged.
4. Create VLAN200 as a Primary VLAN with fixed port 24; packets are untagged.
5. Configure PVID=200 for port 24.

CLI commands for configuring the settings

* GS3700-24 on Floor 8
1. Connect the console cable to the GS3700-24 on Floor 8 and log in.
    Username: admin
    Password: 1234
2. Configure an IP address for VLAN1 and set ports 2, 3 and 24 as normal ports.
    GS3700-24# configure
    GS3700-24(config)# vlan 1
    GS3700-24(config-vlan)# name 1
    GS3700-24(config-vlan)# normal 2-3,24
    GS3700-24(config-vlan)# fixed 1,4-23,25-28
    GS3700-24(config-vlan)# untagged 1-28
    GS3700-24(config-vlan)# ip address 192.168.1.8 255.255.255.0
    GS3700-24(config-vlan)# exit
3. Create VLAN100 as an Isolated VLAN with fixed ports 2 and 3 as members.
    GS3700-24(config)# vlan 100
    GS3700-24(config-vlan)# name vlan100
    GS3700-24(config-vlan)# private-vlan isolated
    GS3700-24(config-vlan)# fixed 2-3
    GS3700-24(config-vlan)# untagged 1-28
    GS3700-24(config-vlan)# exit
4. Configure PVID=100 for ports 2 and 3.
    GS3700-24(config)# interface port-channel 2-3
    GS3700-24(config-interface)# pvid 100
    GS3700-24(config-interface)# exit
5. Create VLAN123 as a Primary VLAN with fixed port 24 as a member.
    GS3700-24(config)# vlan 123
    GS3700-24(config-vlan)# name vlan123
    GS3700-24(config-vlan)# private-vlan primary
    GS3700-24(config-vlan)# private-vlan association 100
    GS3700-24(config-vlan)# fixed 24
    GS3700-24(config-vlan)# untagged 1-23,25-28
    GS3700-24(config-vlan)# exit

* GS3700-24 on Floor 1
1. Connect the console cable to the GS3700-24 on Floor 1 and log in.
    Username: admin
    Password: 1234
2. Configure an IP address for VLAN1 and set ports 2, 3 and 24 as normal ports.
    GS3700-24# configure
    GS3700-24(config)# vlan 1
    GS3700-24(config-vlan)# name 1
    GS3700-24(config-vlan)# normal 2-3,24
    GS3700-24(config-vlan)# fixed 1,4-23,25-28
    GS3700-24(config-vlan)# untagged 1-28
    GS3700-24(config-vlan)# ip address 192.168.1.1 255.255.255.0
    GS3700-24(config-vlan)# exit
3. Create VLAN100 as an Isolated VLAN with fixed ports 2 and 3 as members.
    GS3700-24(config)# vlan 100
    GS3700-24(config-vlan)# name vlan100
    GS3700-24(config-vlan)# private-vlan isolated
    GS3700-24(config-vlan)# fixed 2-3
    GS3700-24(config-vlan)# untagged 1-28
    GS3700-24(config-vlan)# exit
4. Configure PVID=100 for ports 2 and 3.
    GS3700-24(config)# interface port-channel 2-3
    GS3700-24(config-interface)# pvid 100
    GS3700-24(config-interface)# exit
5. Create VLAN123 as a Primary VLAN with fixed port 24 as a member.
    GS3700-24(config)# vlan 123
    GS3700-24(config-vlan)# name vlan123
    GS3700-24(config-vlan)# private-vlan primary
    GS3700-24(config-vlan)# private-vlan association 100
    GS3700-24(config-vlan)# fixed 24
    GS3700-24(config-vlan)# untagged 1-23,25-28
    GS3700-24(config-vlan)# exit

* XGS3700-24 (Core switch)
1. Connect the console cable to the XGS3700-24 and log in.
    Username: admin
    Password: 1234
2. Configure an IP address for VLAN1 and set ports 20, 21 and 24 as normal ports.
    XGS3700-24# configure
    XGS3700-24(config)# vlan 1
    XGS3700-24(config-vlan)# name 1
    XGS3700-24(config-vlan)# normal 20-21,24
    XGS3700-24(config-vlan)# fixed 1-19,22-23,25-28
    XGS3700-24(config-vlan)# untagged 1-28
    XGS3700-24(config-vlan)# ip address 192.168.1.111 255.255.255.0
    XGS3700-24(config-vlan)# exit
3. Create VLAN123 as an Isolated VLAN with fixed ports 20 and 21 as members.
    XGS3700-24(config)# vlan 123
    XGS3700-24(config-vlan)# name vlan123
    XGS3700-24(config-vlan)# private-vlan isolated
    XGS3700-24(config-vlan)# fixed 20-21
    XGS3700-24(config-vlan)# untagged 1-19,22-28
    XGS3700-24(config-vlan)# exit
4. Create VLAN200 as a Primary VLAN with fixed port 24 as a member.
    XGS3700-24(config)# vlan 200
    XGS3700-24(config-vlan)# name vlan200
    XGS3700-24(config-vlan)# private-vlan primary
    XGS3700-24(config-vlan)# private-vlan association 123
    XGS3700-24(config-vlan)# fixed 24
    XGS3700-24(config-vlan)# untagged 1-28
    XGS3700-24(config-vlan)# exit
5. Configure PVID=200 for port 24.
    XGS3700-24(config)# interface port-channel 24
    XGS3700-24(config-interface)# pvid 200
    XGS3700-24(config-interface)# exit

Verification
1. Client A on port 2 of the GS3700-24 on Floor 8 can obtain an IP address from the
DHCP server.
2. Client B on port 2 of the GS3700-24 on Floor 1 can obtain an IP address from the
DHCP server.
3. Client A fails to ping Client B.
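
The isolation described under Network Topology and checked in the verification steps above can be worked through for every host pair. The following is an added example, not part of the original application note or the switch software: a small Python model that applies the private VLAN forwarding rule to the page's port roles and cabling. The host labels (F8-p2 and so on) and the CORE_FLAT comparison case are assumptions made for illustration, and VLAN tagging is not modelled.

```python
"""Added example: constructed model of the page's two-tier private VLAN design."""
ISOLATED, PROMISCUOUS = "isolated", "promiscuous"

# Port roles from the configuration steps: ports in an Isolated VLAN are
# isolated; the port fixed in the Primary VLAN is treated as promiscuous.
EDGE = {2: ISOLATED, 3: ISOLATED, 24: PROMISCUOUS}           # VLAN100 / VLAN123
CORE_PVLAN = {20: ISOLATED, 21: ISOLATED, 24: PROMISCUOUS}   # VLAN123 / VLAN200
# Hypothetical variant for comparison: core switch without Private VLAN.
CORE_FLAT = {20: PROMISCUOUS, 21: PROMISCUOUS, 24: PROMISCUOUS}

# Cabling from the Network Conditions table; host labels are constructed.
LINKS = {
    ("floor8", 2): "F8-p2", ("floor8", 3): "F8-p3", ("floor8", 24): ("core", 20),
    ("floor1", 2): "F1-p2", ("floor1", 3): "F1-p3", ("floor1", 24): ("core", 21),
    ("core", 20): ("floor8", 24), ("core", 21): ("floor1", 24),
    ("core", 24): "DHCP",
}

def reachable(src, core_roles=CORE_PVLAN):
    """Return the set of hosts that a frame sent by host `src` can reach."""
    roles = {"floor8": EDGE, "floor1": EDGE, "core": core_roles}
    start = next(sp for sp, peer in LINKS.items() if peer == src)
    seen, todo, hosts = {start}, [start], set()
    while todo:
        switch, ingress = todo.pop()
        for egress, role in roles[switch].items():
            if egress == ingress:
                continue
            # The one PVLAN rule: isolated ports never forward to each other.
            if role == ISOLATED and roles[switch][ingress] == ISOLATED:
                continue
            peer = LINKS[(switch, egress)]
            if isinstance(peer, str):
                hosts.add(peer)
            elif peer not in seen:
                seen.add(peer)
                todo.append(peer)
    return hosts

if __name__ == "__main__":
    for host in ("F8-p2", "F8-p3", "F1-p2", "F1-p3", "DHCP"):
        print(f"{host:6} PVLAN on core: {sorted(reachable(host))}")
    print("F8-p2, flat core:", sorted(reachable("F8-p2", CORE_FLAT)))
```

With the page's configuration every client reaches only the DHCP server port. With the hypothetical flat core, the Floor 8 client also reaches the Floor 1 clients, which is why the core switch needs Private VLAN as well.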
