Tuesday, July 7, 2015

Private Vlan IntroDuction and Configuration


Private VLAN Configuration

Ø  Allow us to permit and deny the access from ports and we using one subnet for all Vlans
Ø  In Private Vlan we just create a Primary Vlan
Ø  and Primary Vlan we add different Sub Vlan
Ø  These Vlan is isolated with each other

Ø  One subnet for all Vlans

3 Different kind of Sub Vlan
ü  Promiscuous
ü  Isolated
ü  Community
Ø  Isolated:-  vlan that cannot communicate with any vlans else they only reach promiscuous(router) port to access the internet
Ø  Promiscuous:- it can be reach with in private vlan and internet
Ø  Community:-community port can reach other thing with their community. They are communicate with each other in a same Community and able to reach promiscuous port to get out the internet

Private-Vlan Configuration
Ø  Switch(config)#vtp mode transparent
ü  Private vlan only be configured on transparent mode

Firstly we will configure primary VLAN configuration
Ø  Switch(config)#vlan 100
Ø  Switch(config-vlan)#private-vlan primary              (our primay Vlans for association)
Ø  Switch(config-vlan)#exit

Ø  Switch(config)#vlan 110
Ø  Switch(config-vlan)#private-vlan community         communicating with same vlan 110 and internet
Ø  Switch(config-vlan)#exit

Ø  Switch(config)#vlan 120
Ø  Switch(config-vlan)#private-vlan isolated                 communicate with gateway as well as internet}
Ø  Switch(config-vlan)#exit

Ø  Switch(config)#vlan 130
Ø  Switch(config-vlan)#private-vlan community          communicating  with same vlan 130 and internet

Ø  Switch(config-vlan)#exit

Now Associate Sub Vlan to a Primary vlan
Ø  Switch(config)#vlan 100
Ø  Switch(config-vlan)#private-vlan association 110,120,130
Ø  Switch(config-vlan)#exit

Now Associate the Port to VLAN
Ø  Switch(config)#interface range fastethernet 1/0 -1
Ø  Switch(config-if-range)#description CONNECTED WITH PC1 AND PC2
Ø  Switch(config-if-range)#switchport mode private-vlan host              (connected with PC)       
Ø  Switch(config-if-range)#switchport private-vlan host-association 100 110                {First primary vlan then followed by secondary vlans 110}
Ø  Switch(config-if-range)#exit

Ø  Switch(config)#interface fastethernet 1/3
Ø  Switch(config-if)#description CONNECTED WITH PC4
Ø  Switch(config-if)#switchport mode private-vlan host        
Ø  Switch(config-if)#switchport private-vlan host-association 100 120                      {  {First primary vlan then followed by secondary vlans 120}
Ø  Switch(config-if)#exit

Ø  Switch(config)#interface fastethernet 1/2
Ø  Switch(config-if)#description CONNECTED WITH PC3
Ø  Switch(config-if)#switchport mode private-vlan host                   
Ø  Switch(config-if)#switchport private-vlan host-association 100 130                      {First primary vlan then followed by secondary vlans 130}
Ø  Switch(config-if)#exit

Now we will configure the Promiscuous Port  

Implementing The Private-Vlans Switch Port 
Ø  Switch(config)#interface ethernet 0/0
Ø  Switch(config-if)#description CONNECTED WITH ROUTER
Ø  Switch(config-if)#switchport mode private-vlan promiscuous       reach everywhere   
Ø  Switch(config-if)#switchport private-vlan mapping 100 110,120,130         {First primary vlan then followed by secondary vlans}
Ø  Switch(config-if)#exit

Ø  R1(config)#interface fastEthernet 0/0
Ø  R1(config-if)#description CONNECTED WITH SWITCH
Ø  R1(config-if)#ip address 192.168.2.1 255.255.255.0
Ø  R1(config-if)#no shut
Ø  R1(config-if)#exit

Now test using PC1 PC2 PC3 and PC4

Ping PC1 to PC2         :- Successfully
Ping PC2 PC1             :- Successfully
Ping PC1 to PC3       :- Denied
Ping PC2 to PC4       :- Denied

All PC can ping Default gateway      : - Successfully ping

Click Here To Download The PDF File

14 comments: