Private VLAN Cisco Configuration Example - www.ipcisco.com : www.ipcisco.com
Content Protection by DMCA.com

Private VLAN Cisco
Configuration Example

For Private VLAN configuration, we will do a configuration example with one siwtch and one router. Here, we will use the same topology that we have used before for Private VLAN overview. Our topology, ports and VLANs will be like below.

private-vlans-example

On switch, we will do the below configuration one by one.

1. Set VTP Mode as “Transparent Mode”.

IPCisco# config terminal
IPCisco(config)# vtp mode transparent

2. Secondary VLANs Creation.

IPCisco(config)# vlan 101
IPCisco(config-vlan)# private-vlan community
IPCisco(config-vlan)# end

IPCisco(config)# vlan 102
IPCisco(config-vlan)# private-vlan community
IPCisco(config-vlan)# end

IPCisco(config)# vlan 103
IPCisco(config-vlan)# private-vlan isolated
IPCisco(config-vlan)# end

3. Primary VLAN Creation.

IPCisco(config)# vlan 100
IPCisco(config-vlan)# private-vlan primary
IPCisco(config-vlan)# end

4. Association Secondary VLANs to Primary VLAN.

IPCisco(config)# vlan 100
IPCisco(config-vlan)# private-vlan association 101-103
IPCisco(config-vlan)# end

IPCisco# show vlan private-vlan
Primary Secondary Type Interfaces
———— ————– ——- —————
100 101 community
100 102 community
100 103 isolated

5. Port Mode Configuration.

IPCisco(config)# interface fastethernet 1/2
IPCisco(config-if)# switchport mode private-vlan host

IPCisco(config)# interface fastethernet 1/3
IPCisco(config-if)# switchport mode private-vlan host

IPCisco(config)# interface fastethernet 1/4
IPCisco(config-if)# switchport mode private-vlan host

IPCisco(config)# interface fastethernet 1/5
IPCisco(config-if)# switchport mode private-vlan host

6. Association of Ports with Primary and Secondary VLANs.

IPCisco(config)# interface fastethernet 1/2
IPCisco(config-if)# switchport private-vlan host-association 100 101

IPCisco(config)# interface fastethernet 1/3
IPCisco(config-if)# switchport private-vlan host-association 100 101

IPCisco(config)# interface fastethernet 1/4
IPCisco(config-if)# switchport private-vlan host-association 100 102

IPCisco(config)# interface fastethernet 1/5
IPCisco(config-if)# switchport private-vlan host-association 100 103

7. Promiscuous Port Configuration.

IPCisco(config)# interface fastethernet 1/1
IPCisco(config-if)# switchport mode private-vlan promiscuous

8. Mapping Promiscuous Port with Primary and Secondary VLANs.

IPCisco(config)# interface fastethernet 1/1
IPCisco(config-if)# switchport private-vlan mapping 100 101-103

9. Verify the configuration

IPCisco # show vlan
IPCisco # show vlan private-vlan
IPCisco # show interface status

After the verification, our Private VLAN configuration is ready.

Other VLAN lessons :

VLAN – Part 1
VLAN – Part 2 (VLAN Assignments and VLAN Port Types)
VLAN – Part 3 (VLAN Frame Tagging Protocols, ISL and Dot1.q)
VLAN – Part 4 (How to Configure Cisco VLANs)
VLAN – Part 5 (Packet Tracer VLAN Configuration Example)
VLAN Configuration on Huawei Switches

Private VLANs
Private VLAN Cisco Configuration

What is Protected Port?




About the Author
Gokhan Kosem is a telecommunation and network engineer. His ambition to IP networks and end-to-end system installation made him to prepare this web-site. By sharing his experiences about various networking protocols beside different system installation experiences and Cisco, Juniper, Alcatel-Lucent devices configurations, he is aimed to be helpful for his collegues in all over the world. He is currently lives in Istanbul, Turkey.

Leave a Reply


Copy Protected by Chetan's WP-Copyprotect.