Private VLAN Cisco Configuration Example - www.ipcisco.com : www.ipcisco.com
You can Reach Our "CCNA Lab Courses with Packet Tracer" on Udemy.!!!
cisco-packet-tracer-ccna-adventure-1- cisco-packet-tracer-ccna-adventure-2-
Content Protection by DMCA.com

Private VLAN Cisco
Configuration Example

For Private VLAN configuration, we will do a configuration example with one switch and one router. Here, we will use the same topology that we have used before for Private VLAN overview. Our topology, ports and VLANs will be like below:

private-vlans-example

We will do the below Configuration on the Switch, one by one.

1. Set VTP Mode as “Transparent Mode”.

The first stepm is determination of the VTP Mode of the switch. It must be in “Transparent Mode”.

IPCisco# config terminal
IPCisco(config)# vtp mode transparent

2. Secondary VLANs Creation.

Secondly, we will create the Secondary VLANs.

IPCisco(config)# vlan 101
IPCisco(config-vlan)# private-vlan community
IPCisco(config-vlan)# end

IPCisco(config)# vlan 102
IPCisco(config-vlan)# private-vlan community
IPCisco(config-vlan)# end

IPCisco(config)# vlan 103
IPCisco(config-vlan)# private-vlan isolated
IPCisco(config-vlan)# end

3. Primary VLAN Creation.

In the step three, we will create Primary VLAN.

IPCisco(config)# vlan 100
IPCisco(config-vlan)# private-vlan primary
IPCisco(config-vlan)# end

4. Association Secondary VLANs to Primary VLAN.

Secondary VLANs need to be associated to the Primary VLAN.In this step, we will associate Secondary VLANs to Primary VLANs.

IPCisco(config)# vlan 100
IPCisco(config-vlan)# private-vlan association 101-103
IPCisco(config-vlan)# end

After this step, we can use “show vlan private-vlan” command and we can see all the Secondary VLANs are associated with Primary VLAN.

IPCisco# show vlan private-vlan
Primary Secondary Type Interfaces
———— ————– ——- —————
100 101 community
100 102 community
100 103 isolated

5. Port Mode Configuration.

It is time to configure Port Modes. We have talked about before about this Port roles. Now, we will configure these port types under the interfaces.

IPCisco(config)# interface fastethernet 1/2
IPCisco(config-if)# switchport mode private-vlan host

IPCisco(config)# interface fastethernet 1/3
IPCisco(config-if)# switchport mode private-vlan host

IPCisco(config)# interface fastethernet 1/4
IPCisco(config-if)# switchport mode private-vlan host

IPCisco(config)# interface fastethernet 1/5
IPCisco(config-if)# switchport mode private-vlan host

6. Association of Ports with Primary and Secondary VLANs.

In this step, we will associate the Ports with Primary and seconday VLANs. Here, the first number shows Primary VLAN (100) and the second number shows Secondary VLANs (101,102,103).

IPCisco(config)# interface fastethernet 1/2
IPCisco(config-if)# switchport private-vlan host-association 100 101

IPCisco(config)# interface fastethernet 1/3
IPCisco(config-if)# switchport private-vlan host-association 100 101

IPCisco(config)# interface fastethernet 1/4
IPCisco(config-if)# switchport private-vlan host-association 100 102

IPCisco(config)# interface fastethernet 1/5
IPCisco(config-if)# switchport private-vlan host-association 100 103

7. Promiscuous Port Configuration.

Step seven is the configuration of all in port, Promiscious Port.It accepts from all ports as we discussed before.

IPCisco(config)# interface fastethernet 1/1
IPCisco(config-if)# switchport mode private-vlan promiscuous

8. Mapping Promiscuous Port with Primary and Secondary VLANs.

In this step, we will map Promiscious Port with our configured Primary and Secondary VLANs. Here, again, the first number is Primary VLAN and Second numbers are Secondary VLANs(From 101 to 103).

IPCisco(config)# interface fastethernet 1/1
IPCisco(config-if)# switchport private-vlan mapping 100 101-103

After this configuration, our Private VLAN configuration is ready.It is time for the last step. Let’s verify the configuration.

9. Verify the configuration

Basicall, to verify Private VLAN configuration, you can use “show vlan”, “show vlan private-vlan”, “show interface status” command.

IPCisco # show vlan
IPCisco # show vlan private-vlan
IPCisco # show interface status

In this Private VLAN configuration example, we have configured Private VLANs for Cisco devices. If you would like to remember Private VLAN Overview, you can go to Private VLAN article below ;)

Private VLANs
Private VLAN Cisco Configuration

What is Protected Port?

Other VLAN lessons :

VLAN – Part 1
VLAN – Part 2 (VLAN Assignments and VLAN Port Types)
VLAN – Part 3 (VLAN Frame Tagging Protocols, ISL and Dot1.q)
VLAN – Part 4 (How to Configure Cisco VLANs)
VLAN – Part 5 (Packet Tracer VLAN Configuration Example)
VLAN Configuration on Huawei Switches

You can Reach Our "CCNA Lab Courses with Packet Tracer" on Udemy.!!!
cisco-packet-tracer-ccna-adventure-1- cisco-packet-tracer-ccna-adventure-2-



About the Author
Gokhan Kosem is a telecommunation and network engineer. His ambition to IP networks and end-to-end system installation made him to prepare this web-site. By sharing his experiences about various networking protocols beside different system installation experiences and Cisco, Juniper, Alcatel-Lucent devices configurations, he is aimed to be helpful for his collegues in all over the world. He is currently lives in Istanbul, Turkey.

Leave a Reply


Copy Protected by Chetan's WP-Copyprotect.