Tuesday, June 14, 2011

Private VLANs

Worked on Private VLANs today and they are pretty cool. They allow you to segregate hosts without re-IPing them. First, the switch must be in VTP transparent mode (found this out the hard way).
Then create the secondary VLANs. There are two types: Community, where the members can talk with each other, and Isolated, where members cannot talk to each other. In both cases the members can talk to one other special port.
! community secondary VLAN
vlan 201
    private-vlan community
! isolated secondary VLAN
vlan 202
    private-vlan isolated
Then make the primary VLAN and associate it with the secondaries:
vlan 2
    private-vlan primary
    ! association <list of secondary VLANs>
    private-vlan association 201,202
There are two port types: Host, which is connected to members of the secondary VLANs, and Promiscuous, which is connected to the router and is not in any secondary VLAN but is in the primary VLAN.
To configure the access ports for member hosts and associate them with the primary and secondary VLANs:
interface f0/1
    switchport mode private-vlan host
    ! host-association <primary VLAN> <secondary VLAN>
    switchport private-vlan host-association 2 201
To configure a port that connects to a router and associate it with the primary and secondary VLANs:
interface f0/24
    switchport mode private-vlan promiscuous
    ! mapping <primary VLAN> <list of secondary VLANs>
    switchport private-vlan mapping 2 201,202
We can use the "sh int status" command to see that f0/1 is in two VLANs, 2 and 201, and that int f0/24 is ???
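
The community, isolated and promiscuous rules described above can be checked against a config before it goes onto a switch. The Python below is an added example, not part of the original post: it parses the private-vlan lines and answers whether two ports can reach each other at layer 2. Ports f0/2 to f0/4 and the function names `parse` and `can_talk` are assumptions, and the config text is a constructed sample using the post's VLAN numbers.

```python
# Constructed sample config using the post's VLAN numbers. Ports f0/2-f0/4 are
# assumptions added so each secondary VLAN has two members to compare.
CONFIG = """\
vlan 201
 private-vlan community
vlan 202
 private-vlan isolated
vlan 2
 private-vlan primary
 private-vlan association 201,202
interface f0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 2 201
interface f0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 2 201
interface f0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 2 202
interface f0/4
 switchport mode private-vlan host
 switchport private-vlan host-association 2 202
interface f0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 2 201,202
"""

def parse(config):
    """Return ({vlan: type}, {port: (kind, primary, secondaries)})."""
    vlan_types, ports, name = {}, {}, None
    for words in filter(None, (line.split() for line in config.splitlines())):
        if words[0] in ("vlan", "interface"):
            name = words[1]
        elif words[0] == "private-vlan" and words[1] != "association":
            vlan_types[int(name)] = words[1]
        elif words[:2] == ["switchport", "private-vlan"]:
            secondaries = {int(v) for v in words[4].split(",")}
            ports[name] = (words[2], int(words[3]), secondaries)
    return vlan_types, ports

def can_talk(a, b, vlan_types, ports):
    """Apply the community / isolated / promiscuous rules at layer 2."""
    (kind_a, prim_a, sec_a), (kind_b, prim_b, sec_b) = ports[a], ports[b]
    if prim_a != prim_b:
        return False
    if "mapping" in (kind_a, kind_b):  # at least one side is promiscuous
        return kind_a == kind_b or bool(sec_a & sec_b)
    # Two host ports: only members of the same community VLAN reach each other.
    return sec_a == sec_b and vlan_types[min(sec_a)] == "community"
```

Dropping 202 from the mapping line on f0/24 makes `can_talk("f0/3", "f0/24", ...)` return False, which is the kind of mismatch worth catching before the isolated hosts lose their gateway.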
