Example for Configuring PVLAN


Networking Requirements

Figure 1. PVLAN Configuration Example

As shown in Figure 1, all employees in an enterprise network are authorized to access the enterprise server. However, some employees should be able to communicate with each other, while others must be isolated from each other.

To achieve this, the PVLAN feature can be deployed on the switch that connects the terminals and the enterprise server. PVLAN not only meets the network isolation requirements but also addresses the VLAN ID shortage problem, and it is easy for the network administrator to maintain.

Complete the following configurations on the Switch:

  • To isolate Host A and Host B from each other, configure their VLAN (VLAN 2) as the Isolated VLAN. To make sure Host C and Host D can communicate with each other, configure their VLAN (VLAN 3) as the Community VLAN.
  • Configure the VLAN of the server as the Primary VLAN.
  • Configure the access ports of Host A, Host B, Host C, and Host D as PVLAN host ports.
  • Add the access ports of Host A and Host B (ge-1/1/1 and ge-1/1/2) to the Isolated VLAN. Add the access ports of Host C and Host D (ge-1/1/3 and ge-1/1/4) to the Community VLAN.
  • Configure the port connected to the server as a promiscuous port and add it to the Primary VLAN (VLAN 5).

Procedure

Step 1    Create the secondary VLANs.

admin@XorPlus# set vlans vlan-id 2 private-vlan mode isolated
admin@XorPlus# set vlans vlan-id 3 private-vlan mode community

Step 2    Create the primary VLAN.

admin@XorPlus# set vlans vlan-id 5 private-vlan mode primary

Step 3    Associate the secondary VLANs with the primary VLAN.

admin@XorPlus# set vlans vlan-id 5 private-vlan association 2-3

Step 4    Configure the ports connected to the hosts as PVLAN host ports.

admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching port-mode pvlan-host
admin@XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching port-mode pvlan-host
admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switching port-mode pvlan-host
admin@XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switching port-mode pvlan-host

Step 5    Configure the port connected to the server as the promiscuous port.

admin@XorPlus# set interface gigabit-ethernet te-1/1/1 family ethernet-switching port-mode pvlan-promiscuous

Step 6    Add the host ports to the secondary VLANs and set the native VLAN of each host port to its secondary VLAN ID.

admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 2
admin@XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 2
admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 family ethernet-switching native-vlan-id 3
admin@XorPlus# set interface gigabit-ethernet ge-1/1/4 family ethernet-switching native-vlan-id 3

Step 7    Add the promiscuous port to the primary VLAN and set the native VLAN of the promiscuous port to the primary VLAN ID.

admin@XorPlus# set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 5

Step 8    Commit the configurations.

admin@XorPlus# commit

Verify the Configuration

  • You can use the run show vlans private-vlan command to view the PVLAN configuration information.
admin@Xorplus# run show vlans private-vlan
Primary   Secondary  Type            Tag         Interfaces
-------   ---------  -----------     --------    --------------------------
5                    primary         untagged    te-1/1/1                                                  
                                       tagged  
          2          isolated        untagged    ge-1/1/1, ge-1/1/2                                           
                                       tagged  
          3          community       untagged    ge-1/1/3, ge-1/1/4                                 
                                       tagged  
  • You can use the run show vlans private-vlan type command to view the PVLAN type information.
admin@Xorplus# run show vlans private-vlan type
Vlan Type
---- -----------
5    primary
2    isolated
3    community
  • Check device connection status.

The Server, Host A, Host B, Host C and Host D are on the same subnet.

Host A, Host B, Host C and Host D can communicate with the Server.

Host A and Host B cannot communicate with each other at Layer 2.

Host C and Host D can communicate with each other at Layer 2.

Host A and Host B cannot communicate with Host C and Host D at Layer 2.
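
The connection status listed above can be checked against the show output with a small model of the PVLAN forwarding rule. The following Python script is an added example, not Pica8 code: it parses the run show vlans private-vlan output shown on this page and compares the Layer 2 reachability implied by each port's PVLAN type with the expected status. The function names and the EXPECTED table are assumptions made for illustration, and ports listed in the primary VLAN row are assumed to be promiscuous ports.

```python
import re

# Output of "run show vlans private-vlan" as shown on this page.
SHOW_OUTPUT = """\
Primary   Secondary  Type            Tag         Interfaces
-------   ---------  -----------     --------    --------------------------
5                    primary         untagged    te-1/1/1
                                       tagged
          2          isolated        untagged    ge-1/1/1, ge-1/1/2
                                       tagged
          3          community       untagged    ge-1/1/3, ge-1/1/4
                                       tagged
"""

# Expected status from the page: server on te-1/1/1, Hosts A-D on ge-1/1/1..4.
EXPECTED = {("ge-1/1/1", "te-1/1/1"): True, ("ge-1/1/3", "te-1/1/1"): True,
            ("ge-1/1/1", "ge-1/1/2"): False, ("ge-1/1/3", "ge-1/1/4"): True,
            ("ge-1/1/1", "ge-1/1/3"): False, ("ge-1/1/2", "ge-1/1/4"): False}

ROW = re.compile(r"^\s*(?:(\d+)\s+(primary|isolated|community)\s+)?(untagged|tagged)\s*(.*)$")

def parse_pvlan(text):
    """Return {port: (primary_vlan, vlan_id, pvlan_type)} from the show output."""
    ports, primary, vlan, kind = {}, None, None, None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or blank line
        if m.group(1):  # row that starts a new VLAN entry
            vlan, kind = int(m.group(1)), m.group(2)
            if kind == "primary":
                primary = vlan
        for port in filter(None, (p.strip() for p in m.group(4).split(","))):
            ports[port] = (primary, vlan, kind)
    return ports

def l2_allowed(ports, a, b):
    """Standard PVLAN rule: may ports a and b exchange Layer 2 frames?"""
    (pa, va, ka), (pb, vb, kb) = ports[a], ports[b]
    if pa != pb:
        return False                 # different PVLAN domains
    if "primary" in (ka, kb):
        return True                  # assumption: primary-row ports are promiscuous
    return ka == kb == "community" and va == vb  # same community only

def violations(ports, expected):
    """Return the port pairs whose modelled reachability differs from expected."""
    return [pair for pair, ok in expected.items() if l2_allowed(ports, *pair) != ok]
```

An empty list from violations(parse_pvlan(SHOW_OUTPUT), EXPECTED) means the port-to-VLAN assignment matches the isolation policy; a host port placed in the wrong secondary VLAN shows up as a mismatching pair.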

Copyright © 2024 Pica8 Inc. All Rights Reserved.