nsakind.blogg.se - Dma softlab radius manager 4.1 6

On the interface level I need to tell the switch that these are host ports by issuing the switchport mode private-vlan host command. Interface fa0/1 and fa0/2 are connected to H1 and H2 and belong to the community VLAN 501. SW1(config-if-range)# switchport private-vlan host-association 500 501 SW1(config-if-range)# switchport mode private-vlan host Last but not least I need to tell the switch that VLAN 501 is a secondary VLAN by using the private-vlan association command. Secondly I am creating VLAN 500 and configuring it as the primary VLAN with the private-vlan primary command. First I create VLAN 501 and tell the switch that this is a community VLAN by typing the private-vlan community command. Let’s start with the configuration of the community VLAN. SW1(config-vlan)# private-vlan association add 501 Let’s get started! SW1(config)# vtp mode transparentĬonfiguring private VLANs requires us to change the VTP mode to Transparent.

The server should be able to reach all ports.

H3 and H4 in the isolated VLAN can only communicate with the server on the promiscuous port.

H1 and H2 in the community VLAN should be able to reach each other and also the server connected to the promiscuous port.

I just made up these VLAN numbers you can use whatever you like.

The secondary isolated VLAN has number 502.

The secondary community VLAN has number 501.

Isolated VLAN: All ports within the isolated VLAN are unable to communicate with each other but they can communicate with the promiscuous port.

Community VLAN: All ports within the community VLAN are able to communicate with each other and the promiscuous port.

Within the primary VLAN you will encounter one or more secondary VLANs, there are two types: All other ports are able to communicate with the promiscuous port. In my picture above you can see that there’s a router connected to a promiscuous port. Within the primary VLAN you will find the promiscuous port. The private VLAN always has one primary VLAN. I’m going to break it down and explain to you how it works. Many network students believe private VLANs are very complex when they see this for the first time.

Having said that, let’s get started with a nice topology picture: If you have no idea what a protected port or VLAN is, I highly recommend to read my previous lesson first. This time we will look at the private VLAN which I can best describe as protected ports on steroids.

In a previous lesson, I explained the protected port feature on Cisco Catalyst Switches.