VLAN Types
- Primary VLAN
- Secondary VLANs
- Community
- Isolated
Port Types
- Promiscuous ports (goes with primary VLANs)
- community ports
- isolated ports
How it works
Association
- Switches that run private VLANs (PVLANs) should be in VTP TRANSPARENT mode ==> vtp mode transparent
- The Primary VLAN is associated with the Promiscuous port
- Secondary VLANs are associated with community and isolated VLANs
Binding
- Step 1: Create the VLANs
vlan [XX]
private-vlan primary
!
vlan [AA]
private-vlan community
!
vlan [VV]
private-vlan isolated [NOTE: There can be only one isolated VLAN per Primary VLAN]
- Step 2: Associate VLANs with Primary VLAN
vlan [XX] <== enter the primary VLAN
private-vlan association [AA],[VV] <== associate community and isolated VLANs
- Step 3: Associate VLANs with ports
interface Gi1/0/5
switchport private-vlan host-association [XX] [AA] <== associate community VLAN
switchport mode private-vlan host
!
interface Gi1/0/25
switchport private-vlan host-association [XX] [VV] <== associate isolated VLAN
switchport mode private-vlan host
!
interface Gi1/0/10
switchport private-vlan mapping [XX] [AA],[VV] <== mapping all secondary VLANs to the Primary
switchport mode private-vlan promiscuous
NOTE: The following command adds or removes a VLAN from the private VLAN list.
interface Gi1/0/10
switchport private-vlan mapping [XX] add/remove [new VLAN]
Stuff To Note:
- For associating host ports: when using the question mark (?) for CLI help, always choose "host-association"
Rack1SW2(config-if)#switchport private-vlan ?
association Set the private VLAN association
host-association Set the private VLAN host association
mapping Set the private VLAN promiscuous mapping
- Configuration is straightforward
- Create the VLANs with their types, i.e. Primary, Community and Isolated
- Associate secondary VLANs with Primary
- Associate VLANs with ports
Show commands
sh vlan private-vlan
Example: Before ports being mapped
Rack1SW1#sh vlan private-vlan
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
28 isolated
281 primary
=================================
=================================
Example: After ports being mapped
LAB-SW2#sh vlan private-vlan
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
40 isolated
100 20 isolated Gi1/0/2, Gi1/0/6
100 30 community Gi1/0/2, Gi1/0/5
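The following audit of `sh vlan private-vlan` output is an added example, not part of the original post. The function names and the 100/31 row are constructed for illustration, and it assumes a promiscuous port is listed under every secondary VLAN it is mapped to, as Gi1/0/2 is above.

```python
from collections import defaultdict

# Constructed sample: the "after" output above, re-aligned into columns, plus
# one constructed row (100/31) showing a secondary VLAN with no ports.
SAMPLE = """\
LAB-SW2#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
        40        isolated
100     20        isolated          Gi1/0/2, Gi1/0/6
100     30        community         Gi1/0/2, Gi1/0/5
100     31        community
"""

def parse_pvlan(text):
    """Parse rows into dicts; works on aligned or whitespace-flattened output."""
    rows = []
    for line in text.splitlines():
        tokens = line.replace(",", " ").split()
        nums = []
        while tokens and tokens[0].isdigit():
            nums.append(int(tokens.pop(0)))
        if not nums or not tokens:
            continue  # prompt, header, separator or blank line
        vtype, ports = tokens[0], tokens[1:]
        if len(nums) == 2:
            primary, secondary = nums
        elif vtype == "primary":   # primary VLAN with nothing associated yet
            primary, secondary = nums[0], None
        else:                      # secondary VLAN not tied to any primary
            primary, secondary = None, nums[0]
        rows.append(dict(primary=primary, secondary=secondary, type=vtype, ports=ports))
    return rows

def audit_pvlan(text):
    """Return (findings, promiscuous ports per primary VLAN)."""
    findings, seen = [], defaultdict(lambda: defaultdict(int))
    for r in parse_pvlan(text):
        label = f"{r['type']} VLAN {r['secondary'] or r['primary']}"
        if r["primary"] is None or r["secondary"] is None:
            findings.append(f"{label} has no primary/secondary association")
        elif not r["ports"]:
            findings.append(f"{label} (primary {r['primary']}) has no ports")
        else:
            for port in r["ports"]:
                seen[r["primary"]][port] += 1
    # A host port sits in one secondary VLAN; a port under two or more is promiscuous.
    promisc = {p: sorted(k for k, n in c.items() if n > 1) for p, c in seen.items()}
    return findings, promisc
```

Running `audit_pvlan(SAMPLE)` flags VLAN 40 as unassociated and VLAN 31 as having no ports, and reports Gi1/0/2 as the promiscuous port for primary VLAN 100.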