Basic Concept of Private VLANs

Today I am going to cover the basics of Private VLANs (PVLANs), followed by a basic configuration. A Private VLAN gives us the opportunity to divide a VLAN into sub-VLANs. In a PVLAN, a normal (primary) VLAN is mapped to secondary VLANs.

This helps us restrict devices connected in the same normal VLAN (subnet) from communicating with each other. Private VLANs can be configured with different characteristics such as “Community”, “Isolated” and “Promiscuous”.

Community : The community state will enable communication between client ports if they are in the same community VLAN. 

Isolated : The isolated port will only be able to send data to the promiscuous port, even when other clients belong to the same VLAN.

Promiscuous : The promiscuous port will be able to receive data from all ports. This port should be connected to a gateway of some sort so that all the other ports have a way out of the network.

Below is the diagram showing the concept of the Private VLANs which includes Community and Isolated VLANs and also covers the concept of the Promiscuous port in the network.

Fig 1.1- Private VLANs

Let's look at a basic configuration that sets up Private VLANs, including a Community and an Isolated VLAN.

RouteXP(config)# vtp mode transparent
RouteXP(config)# vlan 102
RouteXP(config-vlan)# private-vlan isolated
RouteXP(config-vlan)# vlan 101
RouteXP(config-vlan)# private-vlan community
RouteXP(config-vlan)# vlan 100
RouteXP(config-vlan)# private-vlan primary
RouteXP(config-vlan)# private-vlan association 101,102

Our configuration looks like the one below. Please note that the IP addresses used here are only for testing purposes and have no relevance to any enterprise network.
vlan 100
private-vlan primary
private-vlan association 101 102
vlan 101
private-vlan community
vlan 102
private-vlan isolated

Let's Configure the association of the ports 

RouteXP(config)# interface gigabitethernet0/1
RouteXP(config-if)# switchport mode private-vlan promiscuous
RouteXP(config-if)# switchport private-vlan mapping 100 101,102

RouteXP(config)# interface range gigabitethernet0/2 - 3
RouteXP(config-if-range)# switchport mode private-vlan host
RouteXP(config-if-range)# switchport private-vlan host-association 100 101

RouteXP(config)# interface range gigabitethernet0/4 - 5
RouteXP(config-if-range)# switchport mode private-vlan host
RouteXP(config-if-range)# switchport private-vlan host-association 100 102

Let's check all the interface status 

RouteXP# show interface status
Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1                        connected    100        a-full  a-100 10/100BaseTX
Gi0/2                        connected    100,101 a-full  a-100 10/100/0BaseTX
Gi0/3                        connected    100,101 a-full  a-100 10/100BaseTX
Gi0/4                        connected    100,102 a-full  a-100 10/100BaseTX
Gi0/5                        connected    100,102 a-full  a-100 10/100BaseTX
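
To check that a configuration like this one really isolates the ports it is meant to isolate, the following Python example (added here, not part of the original post and not a Cisco tool) parses the PVLAN lines and applies the Community, Isolated and Promiscuous rules described above. The names parse and can_talk are hypothetical, the sample config is constructed to mirror this post, and secondary VLAN lists are assumed to be plain numbers (ranges such as 101-105 are not expanded).

```python
import re

# Constructed sample config mirroring this post's VLANs and ports (not device output).
CONFIG = """
vlan 100
 private-vlan primary
 private-vlan association 101,102
vlan 101
 private-vlan community
vlan 102
 private-vlan isolated
interface Gi0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
interface Gi0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface Gi0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface Gi0/4
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
interface Gi0/5
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
"""

def parse(config):
    """Return ({vlan: type}, {port: [role, primary vlan, {secondary vlans}]})."""
    vlans, ports, kind, name = {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"(vlan|interface) (\S+)", line):
            kind, name = m.groups()  # remember which config block we are inside
        elif kind == "vlan" and (m := re.fullmatch(r"private-vlan (primary|community|isolated)", line)):
            vlans[int(name)] = m.group(1)
        elif kind == "interface" and (m := re.fullmatch(r"switchport mode private-vlan (promiscuous|host)", line)):
            ports.setdefault(name, [None, None, set()])[0] = m.group(1)
        elif kind == "interface" and (m := re.fullmatch(r"switchport private-vlan (?:mapping|host-association) (\d+) ([\d, ]+)", line)):
            ports.setdefault(name, [None, None, set()])[1:] = [int(m.group(1)), {int(v) for v in re.findall(r"\d+", m.group(2))}]
    return vlans, ports

def can_talk(a, b, vlans, ports):
    """True if ports a and b can exchange frames under the PVLAN rules above."""
    (role_a, prim_a, sec_a), (role_b, prim_b, sec_b) = ports[a], ports[b]
    if prim_a != prim_b or not (shared := sec_a & sec_b):
        return False  # different primary VLAN, or no secondary VLAN in common
    # A promiscuous port reaches every secondary VLAN mapped to it; two hosts
    # need a shared community VLAN, so isolated hosts never reach each other.
    return "promiscuous" in (role_a, role_b) or any(vlans.get(v) == "community" for v in shared)
```

Run against a saved copy of the switch configuration, any host pair for which can_talk returns True without sharing a community VLAN points to a port placed in the wrong secondary VLAN.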
