© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-1 Implementing VLANs in Campus Networks Configuring PVLANs.


Access Switch: Protected Port

- Protected ports can communicate only with unprotected ports.
- Protected ports are useful for access switches.
- Configures a protected or unprotected port.

About PVLANs

- A primary VLAN is divided into secondary VLANs.
- The secondary VLANs are either isolated or community VLANs.
- A host on an isolated VLAN can communicate only with promiscuous ports.
- A host on a community VLAN can also communicate with other hosts in the same community.
- PVLANs are not supported on Catalyst 2960 switches.

PVLAN Port Types

- Isolated: communicates only with promiscuous ports
- Promiscuous: communicates with all other ports
- Community: communicates with the other members of its community and all promiscuous ports

Isolated PVLAN Configuration

- Set VTP transparent.
- Create secondary VLANs.
- Create a primary VLAN.
- Associate the secondary and primary VLANs.
- Configure the port as host or promiscuous.
- Configure the private VLAN association on ports.
- Configure the VLAN mapping on the internal IP interface for the VLAN.

Isolated PVLAN Configuration (1)

Configure the private VLANs and VLAN association.

    sw1(config)# vtp transparent
    sw1(config)# vlan 201
    sw1(config-vlan)# private-vlan isolated
    sw1(config)# vlan 100
    sw1(config-vlan)# private-vlan primary
    sw1(config-vlan)# private-vlan association add 201

    sw2(config)# vtp transparent
    sw2(config)# vlan 201
    sw2(config-vlan)# private-vlan isolated
    sw2(config)# vlan 100
    sw2(config-vlan)# private-vlan primary
    sw2(config-vlan)# private-vlan association add 201

Isolated PVLAN Configuration (2)

Configure the PVLAN host port.

    sw2(config)# interface range fastethernet 0/1 - 2
    sw2(config-if)# switchport mode private-vlan host
    sw2(config-if)# switchport private-vlan host-association 100 201

    sw2# show interfaces fastethernet 0/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: private-vlan host
    Operational Mode: down
    Administrative Trunking Encapsulation: negotiate
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative private-vlan host-association: 201 (VLAN0201)
    Administrative private-vlan mapping: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL

Isolated PVLAN Configuration (3)

Configure the private VLAN promiscuous port.

    sw2(config)# interface fastethernet 0/12
    sw2(config-if)# switchport mode private-vlan promiscuous
    sw2(config-if)# switchport private-vlan mapping 100 201

    sw2# show interfaces fastethernet 0/12 switchport
    Name: Fa0/12
    Switchport: Enabled
    Administrative Mode: private-vlan promiscuous
    Operational Mode: down
    Administrative Trunking Encapsulation: negotiate
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative private-vlan host-association: none ((Inactive))
    Administrative private-vlan mapping: 100 (VLAN0100) 201 (VLAN0201)
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL

Isolated PVLAN Verification

Display the configured private VLANs, VLAN types, and mappings.

    sw# show vlan private-vlan type
    Vlan Type
         primary
    201  isolated

    sw# show vlan private-vlan
    Primary Secondary Type     Ports
                      isolated fa0/1,fa0/2

Community PVLAN Configuration

- Set VTP transparent.
- Create secondary VLANs.
- Create a primary VLAN.
- Associate secondary and primary VLANs.
- Configure the port as host or promiscuous.
- Configure the private VLAN association on the ports.
- Configure a VLAN mapping on the internal IP interface for the VLAN.

Community PVLAN Configuration (1)

Configure private VLANs and VLAN association.

    sw1(config)# vtp transparent
    sw1(config)# vlan 202
    sw1(config-vlan)# private-vlan community
    sw1(config)# vlan 100
    sw1(config-vlan)# private-vlan primary
    sw1(config-vlan)# private-vlan association add 202

    sw2(config)# vtp transparent
    sw2(config)# vlan 202
    sw2(config-vlan)# private-vlan community
    sw2(config)# vlan 100
    sw2(config-vlan)# private-vlan primary
    sw2(config-vlan)# private-vlan association add 202

Community PVLAN Configuration (2)

Configure a private VLAN host port.

    sw2(config)# interface range fastethernet 0/1 - 2
    sw2(config-if)# switchport mode private-vlan host
    sw2(config-if)# switchport private-vlan host-association 100 202

    sw2# show interfaces fastethernet 0/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: private-vlan host
    Operational Mode: down
    Administrative Trunking Encapsulation: negotiate
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative private-vlan host-association: 202 (VLAN0202)
    Administrative private-vlan mapping: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL

Community PVLAN Configuration (3)

Configure a private VLAN promiscuous port.

    sw2(config)# interface fastethernet 0/12
    sw2(config-if)# switchport mode private-vlan promiscuous
    sw2(config-if)# switchport private-vlan mapping 100 202

    sw2# show interfaces fastethernet 0/12 switchport
    Name: Fa0/12
    Switchport: Enabled
    Administrative Mode: private-vlan promiscuous
    Operational Mode: down
    Administrative Trunking Encapsulation: negotiate
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative private-vlan host-association: none ((Inactive))
    Administrative private-vlan mapping: 100 (VLAN0100) 202 (VLAN0202)
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL

Community PVLAN Verification

Display configured private VLANs, VLAN types, and mappings.

    sw# show vlan private-vlan type
    Vlan Type
         primary
    202  community

    sw2# show vlan private-vlan
    Primary Secondary Type      Ports
                      community fa0/1,fa0/2

PVLAN Example

- DNS, web, and SMTP servers are in the DMZ and in the same subnet.
- DNS servers can communicate with each other and with the router.
- Web and SMTP servers can communicate only with the router.

PVLAN Example (Cont.)

    sw(config)# vtp transparent
    sw(config)# vlan 201
    sw(config-vlan)# private-vlan isolated
    sw(config)# vlan 202
    sw(config-vlan)# private-vlan community
    sw(config)# vlan 100
    sw(config-vlan)# private-vlan primary
    sw(config-vlan)# private-vlan association 201,202

    sw(config)# interface fastethernet 0/24
    sw(config-if)# switchport mode private-vlan promiscuous
    sw(config-if)# switchport private-vlan mapping 100 201,202

    sw(config)# interface range fastethernet 0/1 - 2
    sw(config-if)# switchport mode private-vlan host
    sw(config-if)# switchport private-vlan host-association

    sw(config)# interface range fastethernet 0/3 - 4
    sw(config-if)# switchport mode private-vlan host
    sw(config-if)# switchport private-vlan host-association
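The port-type rules and the DMZ policy above can be checked mechanically against a configuration. The following Python is an added example, not part of the Cisco slides: it parses a constructed config and computes which ports can exchange Layer 2 traffic. The server-to-port placement, the shortened interface names, and the function names `parse`, `can_talk` and `peers` are assumptions.

```python
import re

# Constructed config modelled on the DMZ slide. Assumption: DNS servers sit on
# Fa0/1-2 (community 202), web and SMTP on Fa0/3-4 (isolated 201), router on Fa0/24.
SAMPLE = """
vlan 201
 private-vlan isolated
vlan 202
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 201,202
interface Fa0/24
 switchport private-vlan mapping 100 201,202
interface Fa0/1
 switchport private-vlan host-association 100 202
interface Fa0/2
 switchport private-vlan host-association 100 202
interface Fa0/3
 switchport private-vlan host-association 100 201
interface Fa0/4
 switchport private-vlan host-association 100 201
"""

def parse(cfg):
    """Return ({secondary_vlan: type}, {port: (role, primary, secondaries)})."""
    vtype, ports, cur = {}, {}, None
    for line in cfg.splitlines():
        s = line.strip()
        if m := re.match(r"(vlan|interface) (\S+)$", s):
            cur = m.group(2)
        elif m := re.match(r"private-vlan (isolated|community)$", s):
            vtype[int(cur)] = m.group(1)
        elif m := re.match(r"switchport private-vlan host-association (\d+) (\d+)$", s):
            ports[cur] = ("host", int(m.group(1)), {int(m.group(2))})
        elif m := re.match(r"switchport private-vlan mapping (\d+) ([\d,]+)$", s):
            ports[cur] = ("promiscuous", int(m.group(1)), {int(v) for v in m.group(2).split(",")})
    return vtype, ports

def can_talk(vtype, ports, a, b):
    """Apply the isolated / community / promiscuous rules to ports a and b."""
    (ra, pa, va), (rb, pb, vb) = ports[a], ports[b]
    if pa != pb:
        return False  # different primary VLANs never share a PVLAN domain
    if "promiscuous" in (ra, rb):
        return bool(va & vb)  # a promiscuous port reaches only the secondaries it maps
    return va == vb and vtype.get(next(iter(va))) == "community"

def peers(vtype, ports, a):
    return sorted(b for b in ports if b != a and can_talk(vtype, ports, a, b))
```

Running `peers` on a variant whose promiscuous mapping omits 201 returns an empty list for Fa0/3, which is how a secondary VLAN forgotten in the mapping shows up.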

PVLANs Across Multiple Switches

- PVLANs can be carried over regular 802.1Q trunks.
- PVLAN trunks can also be specifically created, in isolated mode (when the downstream switch does not support PVLANs) or promiscuous mode (when the upstream switch does not support PVLANs).

Summary

- Device-to-device communication within a single VLAN can be blocked with the protected port feature.
- Device communication within the same VLAN can be fine-tuned using PVLANs.
- A PVLAN is associated with a primary VLAN and then is mapped to one or several ports.
- A primary VLAN can map to one isolated and several community VLANs.
- A typical use of PVLANs is for device isolation in a DMZ environment.
- PVLANs can span several switches using regular 802.1Q trunks or PVLAN trunks.
