Example for Configuring PVLAN
Networking Requirements
Figure 1. PVLAN Configuration Example
As shown in Figure 1, in an enterprise network, all employees are authorized to access the enterprise server. However, some employees within the enterprise should be able to communicate with each other, while other employees should be isolated from each other.
To achieve this, the PVLAN feature can be deployed on the switch that connects the terminals and the enterprise server. PVLAN not only meets the network isolation requirements, but also addresses the problem of VLAN ID shortage and is easy for the network administrator to maintain.
Complete the following configurations on the Switch:
- To isolate Host A and Host B from each other, configure the VLAN of Host A and Host B (VLAN 2) as the Isolated VLAN. To make sure Host C and Host D can communicate with each other, configure the VLAN of Host C and Host D (VLAN 3) as the Community VLAN.
- Configure the VLAN of the server as the Primary VLAN.
- Configure the access ports of Host A, Host B, Host C, and Host D as PVLAN host ports.
- Add the access ports of Host A and Host B (ge-1/1/1 and ge-1/1/2) to the Isolated VLAN. Add the access ports of Host C and Host D (ge-1/1/3 and ge-1/1/4) to the Community VLAN.
- Configure the port connected to the server as a promiscuous port and add it to the Primary VLAN (VLAN 5).
Procedure
Step 1  Create the secondary VLANs.
admin@XorPlus# set vlans vlan-id 2 private-vlan mode isolated
admin@XorPlus# set vlans vlan-id 3 private-vlan mode community
Step 2  Create the primary VLAN.
admin@XorPlus# set vlans vlan-id 5 private-vlan mode primary
Step 3  Associate the secondary VLAN with the primary VLAN.
admin@XorPlus# set vlans vlan-id 5 private-vlan association 2-3
Step 4  Configure the ports connected to the hosts as the PVLAN host ports.
admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching port-mode pvlan-host
admin@XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching port-mode pvlan-host
admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switching port-mode pvlan-host
admin@XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switching port-mode pvlan-host
Step 5  Configure the port connected to the Server as the promiscuous port.
admin@XorPlus# set interface gigabit-ethernet te-1/1/1 family ethernet-switching port-mode pvlan-promiscuous
Step 6  Add the host ports into the secondary VLAN and set the native VLAN of the host port as the secondary VLAN ID.
admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 2
admin@XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 2
admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switching native-vlan-id 3
admin@XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switching native-vlan-id 3
Step 7  Add the promiscuous port into the primary VLAN and set the native VLAN of the promiscuous port as the primary VLAN ID.
admin@XorPlus# set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 5
Step 8  Commit the configurations.
admin@XorPlus# commit
Verify the Configuration
- You can use the run show vlans private-vlan command to view the PVLAN configuration information.
admin@Xorplus# run show vlans private-vlan
Primary  Secondary  Type         Tag       Interfaces
-------  ---------  -----------  --------  --------------------------
5                   primary      untagged  te-1/1/1
                                 tagged
         2          isolated     untagged  ge-1/1/1, ge-1/1/2
                                 tagged
         3          community    untagged  ge-1/1/3, ge-1/1/4
                                 tagged
- You can use the run show vlans private-vlan type command to view the PVLAN type information.
admin@Xorplus# run show vlans private-vlan type
Vlan  Type
----  -----------
5     primary
2     isolated
3     community
- Check device connection status.
The Server, Host A, Host B, Host C and Host D are on the same subnet.
Host A, Host B, Host C and Host D can communicate with the Server.
Host A and Host B cannot communicate with each other at Layer 2.
Host C and Host D can communicate with each other at Layer 2.
Host A and Host B cannot communicate with Host C and Host D at Layer 2.
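The connection results listed above follow directly from the committed configuration, so they can be checked before testing with live hosts. The Python sketch below is an added example, not part of the Pica8 documentation or of PicOS: it parses the set commands from the procedure, flags ports whose port mode does not match the PVLAN type of their native VLAN, and derives Layer 2 reachability from the standard PVLAN forwarding rules. The helper names (parse, lint, can_talk) are hypothetical, and the parser only understands the command forms shown on this page.

```python
import re
# Added example: helper names are illustrative; CONFIG holds the set commands from Steps 1-7.
CONFIG = """\
set vlans vlan-id 2 private-vlan mode isolated
set vlans vlan-id 3 private-vlan mode community
set vlans vlan-id 5 private-vlan mode primary
set vlans vlan-id 5 private-vlan association 2-3
set interface gigabit-ethernet ge-1/1/1 family ethernet-switching port-mode pvlan-host
set interface gigabit-ethernet ge-1/1/2 family ethernet-switching port-mode pvlan-host
set interface gigabit-ethernet ge-1/1/3 family ethernet-switching port-mode pvlan-host
set interface gigabit-ethernet ge-1/1/4 family ethernet-switching port-mode pvlan-host
set interface gigabit-ethernet te-1/1/1 family ethernet-switching port-mode pvlan-promiscuous
set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 2
set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 2
set interface gigabit-ethernet ge-1/1/3 family ethernet-switching native-vlan-id 3
set interface gigabit-ethernet ge-1/1/4 family ethernet-switching native-vlan-id 3
set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 5
"""

def parse(text):
    """Return (VLAN type, secondary->primary map, port mode, port native VLAN)."""
    vtype, assoc, pmode, pvlan = {}, {}, {}, {}
    for line in text.splitlines():
        if m := re.search(r"vlan-id (\d+) private-vlan mode (\w+)", line):
            vtype[int(m[1])] = m[2]
        elif m := re.search(r"vlan-id (\d+) private-vlan association (\d+)-(\d+)", line):
            assoc.update({v: int(m[1]) for v in range(int(m[2]), int(m[3]) + 1)})
        elif m := re.search(r"ethernet (\S+) family .* port-mode pvlan-(\w+)", line):
            pmode[m[1]] = m[2]
        elif m := re.search(r"ethernet (\S+) family .* native-vlan-id (\d+)", line):
            pvlan[m[1]] = int(m[2])
    return vtype, assoc, pmode, pvlan

def lint(cfg):
    """Flag ports whose mode does not fit their native VLAN, and unassociated secondaries."""
    vtype, assoc, pmode, pvlan = cfg
    want = {"host": ("isolated", "community"), "promiscuous": ("primary",)}
    bad = [p for p, m in pmode.items() if vtype.get(pvlan.get(p)) not in want.get(m, ())]
    bad += [f"vlan {v}" for v, t in vtype.items() if t != "primary" and v not in assoc]
    return bad

def can_talk(a, b, cfg):
    """Layer 2 reachability between two ports under the standard PVLAN rules."""
    vtype, assoc, _, pvlan = cfg
    va, vb = pvlan[a], pvlan[b]
    if assoc.get(va, va) != assoc.get(vb, vb):
        return False  # ports belong to different primary VLANs
    # Promiscuous reaches all; otherwise only same-community ports talk.
    return "primary" in (vtype[va], vtype[vb]) or (va == vb and vtype[va] == "community")
```

A non-empty result from lint is worth resolving before commit: a host port whose native VLAN is the primary VLAN would not be subject to the isolation this example is meant to enforce.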
Copyright © 2024 Pica8 Inc. All Rights Reserved.