
Private-VLAN Lab

[Figure: lab topology]
Primary VLAN 100; secondary VLANs 10 (community), 20 (community), 30 (isolated).
Fa 0/1: promiscuous port, primary 100, secondaries 10,20,30; Router (or Firewall) 192.168.2.1.
Fa 0/2 to Fa 0/6: host ports, primary/secondary 100/10, 100/10, 100/20, 100/30, 100/30.
Servers: Srv-2 192.168.2.112, Srv-3 192.168.2.113, Srv-4 192.168.2.114, Srv-5 192.168.2.115, Srv-6 192.168.2.116.
SVI (Interface Vlan 100): 192.168.2.99.

Switch#configure terminal
Switch(config)#vtp mode transparent

Switch(config)#vlan 10
Switch(config-vlan)#private-vlan community
Switch(config-vlan)#vlan 20
Switch(config-vlan)#private-vlan community
Switch(config-vlan)#vlan 30
Switch(config-vlan)#private-vlan isolated

Switch(config-vlan)#vlan 100
Switch(config-vlan)#private-vlan primary
Switch(config-vlan)#private-vlan association 10,20,30

#####################YOU CANNOT ASSOCIATE MORE THAN ONE ISOLATED-VLAN TO A PRIMARY-VLAN


Switch(config-vlan)#exit
Switch(config)#vlan 40
Switch(config-vlan)#private-vlan isolated

Switch(config)#vlan 100
Switch(config-vlan)#private-vlan association add 40
%Command rejected: invalid private vlan association between vlan100 and vlan40. Isolated VLAN 30 is already associated with VLAN 100.
Switch(config)#no vlan 40

#####################YOU CANNOT CHANGE VTP MODE


Switch(config)#vtp mode server
VTP mode cannot be set to server because there are private vlans configured on this device.

Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode private-vlan promiscuous
Switch(config-if)#switchport private-vlan mapping 100 10,20,30

Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 10
Switch(config-if)#interface fastEthernet 0/3
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 10
Switch(config-if)#interface fastEthernet 0/4
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 20
Switch(config-if)#interface fastEthernet 0/5
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 30
Switch(config-if)#interface fastEthernet 0/6
Switch(config-if)#switchport mode private-vlan host
Switch(config-if)#switchport private-vlan host-association 100 30

Switch#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   VLAN0010                         active
20   VLAN0020                         active
30   VLAN0030                         active
100  VLAN0100                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500                                       0      0
10   enet  100010     1500                                       0      0
20   enet  100020     1500                                       0      0
30   enet  100030     1500                                       0      0

Switch#sh vlan private-vlan

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     10        community         Fa0/1, Fa0/2, Fa0/3
100     20        community         Fa0/1, Fa0/4
100     30        isolated          Fa0/1, Fa0/5, Fa0/6

Switch#show interfaces fastEthernet 0/3 switchport


Name: Fa0/3
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: private-vlan host
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: 100 (VLAN0100) 10 (VLAN0010)
Administrative private-vlan mapping: none

Switch#show interfaces fastEthernet 0/1 switchport


Name: Fa0/1
Switchport: Enabled
Administrative Mode: private-vlan promiscuous
Operational Mode: private-vlan promiscuous
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 100 (VLAN0100) 10 (VLAN0010) 20 (VLAN0020) 30 (VLAN0030)

################FROM (SRV-3, 192.168.2.113):


C:\>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=3ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Ping statistics for 192.168.2.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms
C:\>ping 192.168.2.112
Pinging 192.168.2.112 with 32 bytes of data:
Reply from 192.168.2.112: bytes=32 time<1ms TTL=128
Reply from 192.168.2.112: bytes=32 time<1ms TTL=128
Reply from 192.168.2.112: bytes=32 time<1ms TTL=128
Reply from 192.168.2.112: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.2.112:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>ping 192.168.2.114
Pinging 192.168.2.114 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.114:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

C:\>ping 192.168.2.115
Pinging 192.168.2.115 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.115:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

C:\>ping 192.168.2.116
Pinging 192.168.2.116 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.116:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

################FROM (SRV-6, 192.168.2.116):


C:\>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=3ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64
Ping statistics for 192.168.2.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms

C:\>ping 192.168.2.115
Pinging 192.168.2.115 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.115:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
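
Added example, not part of the original lab: a Python check that parses the lab's port configuration and derives which port pairs the private-VLAN rules allow to talk at layer 2, so the result can be compared with the ping tests above. The abbreviated interface names, the VLAN_TYPE table and the function names are assumptions of this example.

```python
import re
from itertools import combinations

VLAN_TYPE = {10: "community", 20: "community", 30: "isolated"}  # secondaries of primary 100 in this lab

# Port configuration from this lab (prompts stripped, interface names abbreviated).
CONFIG = """\
interface Fa0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 10,20,30
interface Fa0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 10
interface Fa0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 10
interface Fa0/4
 switchport mode private-vlan host
 switchport private-vlan host-association 100 20
interface Fa0/5
 switchport mode private-vlan host
 switchport private-vlan host-association 100 30
interface Fa0/6
 switchport mode private-vlan host
 switchport private-vlan host-association 100 30
"""

def parse_ports(text):
    """Return {port: (mode, primary, {secondary VLANs})} for private-VLAN ports."""
    ports = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", text, re.M):
        mode = re.search(r"mode private-vlan (promiscuous|host)", body)
        vlans = re.search(r"private-vlan (?:mapping|host-association) (\d+) ([\d,]+)", body)
        if mode and vlans:
            ports[name] = (mode[1], int(vlans[1]), {int(v) for v in vlans[2].split(",")})
    return ports

def can_talk(a, b):
    """Layer-2 rule between two private-VLAN ports given as (mode, primary, secondaries)."""
    (mode_a, prim_a, sec_a), (mode_b, prim_b, sec_b) = a, b
    if prim_a != prim_b:
        return False
    if mode_a == mode_b == "host":  # same community only; isolated hosts never pair
        return sec_a == sec_b and all(VLAN_TYPE.get(v) == "community" for v in sec_a)
    return mode_a == mode_b or bool(sec_a & sec_b)  # promiscuous side must map the secondary

def allowed_pairs(text):
    ports = parse_ports(text)
    return {(p, q) for p, q in combinations(sorted(ports), 2) if can_talk(ports[p], ports[q])}
```

Re-running allowed_pairs() on the configuration after each change and comparing the set with the intended policy flags a port that was moved into the wrong secondary VLAN. The model covers switch forwarding between ports only, not traffic that the device on the promiscuous port forwards.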

Switch(config)#ip routing
Switch(config)#interface vlan 100
Switch(config-if)#ip address 192.168.2.99 255.255.255.0
Switch(config-if)#no shut
Switch#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1006 ms

Switch#ping 192.168.2.113
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.113, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Switch#conf t
Switch(config)#interface vlan 100
Switch(config-if)#private-vlan mapping 10

Switch#show interfaces vlan 100 private-vlan mapping

Interface Secondary VLANs
--------- --------------------------------------------------------------------
vlan100   10

Switch#ping 192.168.2.113
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.113, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Switch#ping 192.168.2.112
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.112, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

Switch#ping 192.168.2.114
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.114, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Switch#conf t
Switch(config)#inter vlan 100
Switch(config-if)#private-vlan mapping add 20
Switch(config-if)#^Z

Switch#sh interfaces vlan 100 private-vlan mapping

Interface Secondary VLANs
--------- --------------------------------------------------------------------
vlan100   10, 20

Switch#ping 192.168.2.114
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.114, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

Omidreza Omidbahar
