Private-VLAN Lab
[Figure: lab topology. Primary VLAN 100 with community VLANs 10 and 20 and isolated VLAN 30.
Switch ports Fa 0/1 to Fa 0/6: one promiscuous port (100, mapped to 10,20,30) and five host ports (100 10; 100 10; 100 20; 100 30; 100 30).
Devices: Router (or Firewall) 192.168.2.1; Srv-2 192.168.2.112; Srv-3 192.168.2.113; Srv-4 192.168.2.114; Srv-5 192.168.2.115; Srv-6 192.168.2.116.
SVI (Interface Vlan 100): 192.168.2.99.]
Switch#configure terminal
Switch(config)#vtp mode transparent
Switch(config)#vlan 10
Switch(config-vlan)#private-vlan community
Switch(config-vlan)#vlan 20
Switch(config-vlan)#private-vlan community
Switch(config-vlan)#vlan 30
Switch(config-vlan)#private-vlan isolated
Switch(config-vlan)#vlan 100
Switch(config-vlan)#private-vlan primary
Switch(config-vlan)#private-vlan association 10,20,30
#####################YOU CANNOT ASSOCIATE MORE THAN ONE ISOLATED-VLAN TO A PRIMARY-VLAN
Switch(config-vlan)#exit
Switch(config)#vlan 40
Switch(config-vlan)#private-vlan isolated
Switch(config)#vlan 100
Switch(config-vlan)#private-vlan association add 40
%Command rejected: invalid private vlan association between vlan100 and vlan40. Isolated VLAN 30 is
already associated with VLAN 100.
Switch(config)#no vlan 40
#####################YOU CANNOT CHANGE VTP MODE
Switch(config)#vtp mode server
VTP mode cannot be set to server because there are private vlans configured on this device.
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode private-vlan promiscuous
Switch(config-if)#switchport private-vlan mapping 100 10,20,30
Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 10
Switch(config-if)#interface fastEthernet 0/3
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 10
Switch(config-if)#interface fastEthernet 0/4
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 20
Switch(config-if)#interface fastEthernet 0/5
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 30
Switch(config-if)#interface fastEthernet 0/6
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 30
Switch#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   VLAN0010                         active
20   VLAN0020                         active
30   VLAN0030                         active
100  VLAN0100                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500                                       0      0
10   enet  100010     1500                                       0      0
20   enet  100020     1500                                       0      0
30   enet  100030     1500                                       0      0
Switch#sh vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     10        community         Fa0/1, Fa0/2, Fa0/3
100     20        community         Fa0/1, Fa0/4
100     30        isolated          Fa0/1, Fa0/5, Fa0/6
Switch#show interfaces fastEthernet 0/3 switchport
Name: Fa0/3
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: private-vlan host
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: 100 (VLAN0100) 10 (VLAN0010)
Administrative private-vlan mapping: none
Switch#show interfaces fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: private-vlan promiscuous
Operational Mode: private-vlan promiscuous
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 100 (VLAN0100) 10 (VLAN0010) 20 (VLAN0020) 30 (VLAN0030)
################FROM (SRV-3, 192.168.2.113):
C:\>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=3ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Ping statistics for 192.168.2.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms
C:\>ping 192.168.2.112
Pinging 192.168.2.112 with 32 bytes of data:
Reply from 192.168.2.112: bytes=32 time<1ms TTL=128
Reply from 192.168.2.112: bytes=32 time<1ms TTL=128
Reply from 192.168.2.112: bytes=32 time<1ms TTL=128
Reply from 192.168.2.112: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.2.112:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>ping 192.168.2.114
Pinging 192.168.2.114 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.114:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
C:\>ping 192.168.2.115
Pinging 192.168.2.115 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.115:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
C:\>ping 192.168.2.116
Pinging 192.168.2.116 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.116:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
################FROM (SRV-6, 192.168.2.116):
C:\>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=3ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Ping statistics for 192.168.2.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms
C:\>ping 192.168.2.115
Pinging 192.168.2.115 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.115:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Switch(config)#ip routing
Switch(config)#interface vlan 100
Switch(config-if)#ip address 192.168.2.99 255.255.255.0
Switch(config-if)#no shut
Switch#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1006 ms
Switch#ping 192.168.2.113
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.113, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#conf t
Switch(config)#interface vlan 100
Switch(config-if)#private-vlan mapping 10
Switch#show interfaces vlan 100 private-vlan mapping
Interface Secondary VLANs
--------- -------------------------------------------------------------------
vlan100   10
Switch#ping 192.168.2.113
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.113, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#ping 192.168.2.112
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.112, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
Switch#ping 192.168.2.114
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.114, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#conf t
Switch(config)#inter vlan 100
Switch(config-if)#private-vlan mapping add 20
Switch(config-if)#^Z
Switch#sh interfaces vlan 100 private-vlan mapping
Interface Secondary VLANs
--------- -------------------------------------------------------------------
vlan100   10, 20
Switch#ping 192.168.2.114
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.114, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
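Added example (not part of the original lab): a small Python model of the forwarding rules this lab demonstrates, so the ping results above can be predicted from the private-VLAN table and the SVI mapping. The table text is constructed from the lab's show vlan private-vlan output; the function names are hypothetical.

```python
# Added example: model of the lab's private-VLAN forwarding rules.
# Table text constructed from the lab's `show vlan private-vlan` output.
SHOW_PVLAN = """\
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     10        community         Fa0/1, Fa0/2, Fa0/3
100     20        community         Fa0/1, Fa0/4
100     30        isolated          Fa0/1, Fa0/5, Fa0/6
"""
PROMISCUOUS = {"Fa0/1"}  # from `switchport mode private-vlan promiscuous`


def parse_pvlan(text):
    """Return {port: {(secondary_vlan, type), ...}} from the table text."""
    ports = {}
    for line in text.splitlines():
        fields = line.split(None, 3)
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header, separator, or a row without member ports
        _, secondary, vtype, members = fields
        for port in members.split(","):
            ports.setdefault(port.strip(), set()).add((int(secondary), vtype))
    return ports


def l2_reachable(ports, a, b, promisc=PROMISCUOUS):
    """True if port a and port b can exchange frames inside the primary VLAN."""
    vlans_a = {v for v, _ in ports[a]}
    vlans_b = {v for v, _ in ports[b]}
    if a in promisc or b in promisc:
        # A promiscuous port reaches every secondary VLAN it is mapped to.
        return bool(vlans_a & vlans_b)
    _, type_a = next(iter(ports[a]))
    # Host ports talk to each other only inside the same community VLAN;
    # isolated ports never reach another host port, even in the same VLAN.
    return vlans_a == vlans_b and type_a == "community"


def svi_reachable(ports, port, svi_mapping, promisc=PROMISCUOUS):
    """True if the primary-VLAN SVI can reach the device behind `port`.

    svi_mapping is the set of secondary VLANs given to `private-vlan mapping`
    under `interface vlan 100`.
    """
    if port in promisc:
        return True  # promiscuous ports sit in the primary VLAN itself
    return any(vlan in svi_mapping for vlan, _ in ports[port])


PORTS = parse_pvlan(SHOW_PVLAN)
```

With an empty SVI mapping the model reaches only the promiscuous port, which matches the first two switch pings; adding 10 and then 20 to the mapping opens the community VLANs one at a time while isolated VLAN 30 stays unreachable from the SVI.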
Omidreza Omidbahar