Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-1 Implementing VLANs in Campus Networks Configuring PVLANs.

Published byCameron Cole Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-1 Implementing VLANs in Campus Networks Configuring PVLANs."— Presentation transcript:

1 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-1 Implementing VLANs in Campus Networks Configuring PVLANs

2 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-2 Access Switch: Protected Port  Protected ports can communicate only with unprotected ports.  Protected ports are useful for access switches.  Configures a protected or unprotected port.

3 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-3 About PVLANs  A primary VLAN is divided into secondary VLANs.  These VLANs are isolated or community VLANs.  The host can communicate only with promiscuous ports.  The host on community VLANs can communicate also within same community.  PVLANs are not supported on Catalyst 2960 Switches.

4 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-4 PVLAN Port Types  Isolated –Communicates with only promiscuous ports  Promiscuous –Communicates with all other ports  Community –Communicates with the other members of community and all promiscuous ports

5 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-5 Isolated PVLAN Configuration  Set VTP transparent.  Create secondary VLANs.  Create a primary VLAN.  Associate the secondary and primary VLANs.  Configure the port as host or promiscuous.  Configure the private VLAN association on ports.  Configure the VLAN mapping on an internal IP interface for VLAN.

6 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-6 Isolated PVLAN Configuration (1) Configure the private VLANs and VLAN association. sw1(config)# vtp transparent sw1(config)# vlan 201 sw1(config-vlan)# private-vlan isolated sw1(config)# vlan 100 sw1(config-vlan)# private-vlan primary sw1(config-vlan)# private-vlan association add 201 sw2(config)# vtp transparent sw2(config)# vlan 201 sw2(config-vlan)# private-vlan isolated sw2(config)# vlan 100 sw2(config-vlan)# private-vlan primary sw2(config-vlan)# private-vlan association add 201

7 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-7 Configure the PVLAN host port. Isolated PVLAN Configuration (2) sw2(config)# interface range fastethernet 0/1 - 2 sw2(config-if)# switchport mode private-vlan host sw2(config-if)# switchport private-vlan host-association 100 201 sw2# show interfaces fastethernet 0/1 switchport Name: Fa0/1 Switchport: Enabled Administrative Mode: private-vlan host Operational Mode: down Administrative Trunking Encapsulation: negotiate Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative private-vlan host-association: 201 (VLAN0201) Administrative private-vlan mapping: none Operational private-vlan: none Trunking VLANs Enabled: ALL

8 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-8 Isolated PVLAN Configuration (3) sw2(config)# interface fastethernet 0/12 sw2(config-if)# switchport mode private-vlan promiscuous sw2(config-if)# switchport private-vlan mapping 100 201 Sw2# show interfaces fastethernet 0/12 switchport Name: Fa0/12 Switchport: Enabled Administrative Mode: private-vlan promiscuous Operational Mode: down Administrative Trunking Encapsulation: negotiate Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative private-vlan host-association: none ((Inactive)) Administrative private-vlan mapping: 100 (VLAN0100) 201 (VLAN0201) Operational private-vlan: none Trunking VLANs Enabled: ALL Configure the private VLAN promiscuous port.

9 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-9 Isolated PVLAN Verification sw# show vlan private-vlan type Vlan Type ---- ----------------- 100 primary 201 isolated sw# show vlan private-vlan Primary Secondary Type Ports ------- --------- ----------------- --------------------------- 100 201 isolated fa0/1,fa0/2 Display the configured private VLANs, VLAN types, and mappings.

10 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-10 Community PVLAN Configuration  Set VTP transparent.  Create secondary VLANs.  Create a primary VLAN.  Associate secondary and primary VLANs.  Configure the port as host or promiscuous.  Configure the private VLAN association on the ports.  Configure a VLAN mapping on the internal IP interface for VLAN.

11 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-11 Community PVLAN Configuration (1) sw1(config)# vtp transparent sw1(config)# vlan 202 sw1(config-vlan)# private-vlan community sw1(config)# vlan 100 sw1(config-vlan)# private-vlan primary sw1(config-vlan)# private-vlan association add 202 sw2(config)# vtp transparent sw2(config)# vlan 202 sw2(config-vlan)# private-vlan community sw2(config)# vlan 100 sw2(config-vlan)# private-vlan primary sw2(config-vlan)# private-vlan association add 202 Configure private VLANs and VLAN association.

12 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-12 Community PVLAN Configuration (2) sw2(config)# interface range fastethernet 0/1 - 2 sw2(config-if)# switchport mode private-vlan host sw2(config-if)# switchport private-vlan host-association 100 202 sw2# show interfaces fastethernet 0/1 switchport Name: Fa0/1 Switchport: Enabled Administrative Mode: private-vlan host Operational Mode: down Administrative Trunking Encapsulation: negotiate Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative private-vlan host-association: 202 (VLAN0202) Administrative private-vlan mapping: none Operational private-vlan: none Trunking VLANs Enabled: ALL Configure a private VLAN host port.

13 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-13 Community PVLAN Configuration (3) sw2(config)# interface fastethernet 0/12 sw2(config-if)# switchport mode private-vlan promiscuous sw2(config-if)# switchport private-vlan mapping 100 202 Sw2# show interfaces fastethernet 0/12 switchport Name: Fa0/12 Switchport: Enabled Administrative Mode: private-vlan promiscuous Operational Mode: down Administrative Trunking Encapsulation: negotiate Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative private-vlan host-association: none ((Inactive)) Administrative private-vlan mapping: 100 (VLAN0100) 202 (VLAN0202) Operational private-vlan: none Trunking VLANs Enabled: ALL Configure a private VLAN promiscuous port.

14 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-14 Community PVLAN Verification sw# show vlan private-vlan type Vlan Type ---- ----------------- 100 primary 202 community sw2# show vlan private-vlan Primary Secondary Type Ports ------- --------- ----------------- --------------------------- 100 202 community fa0/1,fa0/2 Display configured private VLANs, VLAN types, and mappings.

15 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-15  DNS, web, and SMTP servers are in DMZ and in same subnet.  DNS servers can communicate with each other and with router.  Web and SMTP servers can communicate only with router. PVLAN Example

16 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-16 PVLAN Example (Cont.) sw(config)# vtp transparent sw(config)# vlan 201 sw(config-vlan)# private-vlan isolated sw(config)# vlan 202 sw(config-vlan)# private-vlan community sw(config)# vlan 100 sw(config-vlan)# private-vlan primary sw(config-vlan)# private-vlan association 201,202 sw(config)# interface fastethernet 0/24 sw(config-if)# switchport mode private-vlan promiscuous sw(config-if)# switchport private-vlan mapping 100 201,202 sw(config)# interface range fastethernet 0/1 - 2 sw(config-if)# switchport mode private-vlan host sw2(config-if)# switchport private-vlan host-association 100 202 sw(config)# interface range fastethernet 0/3 - 4 sw(config-if)# switchport mode private-vlan host sw2(config-if)# switchport private-vlan host-association 100 201

17 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-17 PVLANs Across Multiple Switches  PVLANs can be carried over regular 802.1Q trunks.  PVLAN trunks can also be specifically created, in isolated modes (when downstream switch does not support PVLANs) or promiscuous mode (when upstream switch does not support PVLANs).

18 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-18 Summary  Device-to-device communication within a single VLAN can be blocked with the protected port feature.  Device communication within the same VLAN can be fine-tuned using PVLANs.  A PVLAN is associated with a primary VLAN and then is mapped to one or several ports.  A primary VLAN can map to one isolated and several community VLANs.  A typical use of PVLANs is for device isolation in a DMZ environment.  PVLANs can span several switches using regular 802.1Q trunks or PVLAN trunks.

19 © 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-19

Download ppt "© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—2-1 Implementing VLANs in Campus Networks Configuring PVLANs."

Similar presentations

Virtual Trunk Protocol

Virtual Trunk Protocol
Scalable Security in a Multi-Client Environment - Private VLANs Designing VLANs in Networks.

Scalable Security in a Multi-Client Environment - Private VLANs Designing VLANs in Networks.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.
Chapter 3: Link Aggregation

Chapter 3: Link Aggregation
192.168.0.0/30 Host Name : R1 Serial 0/0/0.1.2 Host Name : R2 Router Lab 3 : 2 - Routers Connection DTE DCE.

/30 Host Name : R1 Serial 0/0/0.1.2 Host Name : R2 Router Lab 3 : 2 - Routers Connection DTE DCE.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.
KONFIGURASI INTERVLAN ROUTING Berikut langkah-langkah KONFIGURASI INTERVLAN ROUTING: *ps: -menggunakan beberapa switch vtp server, untuk memudahkan administrasi.

KONFIGURASI INTERVLAN ROUTING Berikut langkah-langkah KONFIGURASI INTERVLAN ROUTING: *ps: -menggunakan beberapa switch vtp server, untuk memudahkan administrasi.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.
Chapter 2: Implementing VLANs in Campus Networks

Chapter 2: Implementing VLANs in Campus Networks
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implement VTP LAN Switching and Wireless – Chapter 4.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implement VTP LAN Switching and Wireless – Chapter 4.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Protecting Against Spoofing Attacks.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Protecting Against Spoofing Attacks.
Packet Tracer 6 Building a VoIP Network (Part 3)

Packet Tracer 6 Building a VoIP Network (Part 3)
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Understanding Switch Security Issues.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Understanding Switch Security Issues.
VLANs- Chapter 3 CCNA Exploration Semester 3 Modified by Profs. Ward

VLANs- Chapter 3 CCNA Exploration Semester 3 Modified by Profs. Ward
1 CCNA 3 v3.1 Module 9. 2 CCNA 3 Module 9 VLAN Trunking Protocol.

1 CCNA 3 v3.1 Module 9. 2 CCNA 3 Module 9 VLAN Trunking Protocol.
Layer 2: Redundancy and High Availability Part 1: General Overview on Assignment 1.

Layer 2: Redundancy and High Availability Part 1: General Overview on Assignment 1.
© Wiley Inc. 2006. All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 8: Virtual LANs (VLANs)

© Wiley Inc All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 8: Virtual LANs (VLANs)
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Configuring VLANs.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Configuring VLANs.
VLANs.ppt CCNA Exploration Semester 3 Chapter 3

VLANs.ppt CCNA Exploration Semester 3 Chapter 3

Similar presentations

Ads by Google