标签:cisco vlan 3560 pvlan primary vlan
拓扑图:
Pvlan主要用于广播域中的主机,进行隔离,提供安全性。
每个Pvlan包括2中vlan:
主vlan(primary)
辅助vlan(secondary)
辅助vlan分为:
隔离vlan(isolated)
团体vlan(community)
Pvlan中有2中接口类型:
主机端口(host port)
混杂端口(promiscuous port)
主vlan和辅助vlan之间可以建立通讯,辅助之间不能相互通讯,
在同一个辅助vlan中,团体vlan内的主机可以相互通讯,隔离vlan内的主机不能相互通讯。
1、使交换机处于VTP transparent模式
C3560G-01#conf t
C3560G-01(config)#vtp mode transparent
2、如图创建primary vlan 200,community vlan 201 202 203和isolated vlan 204
并且使secondary vlan 201 202 203 204 关联primary vlan 200
C3560G-01(config)#vlan 200
C3560G-01(config-vlan)#private-vlan primary
C3560G-01(config)#vlan 201
C3560G-01(config-vlan)#private-vlan community
C3560G-01(config)#vlan 202
C3560G-01(config-vlan)#private-vlan community
C3560G-01(config)#vlan 203
C3560G-01(config-vlan)#private-vlan community
C3560G-01(config)#vlan 204
C3560G-01(config-vlan)#private-vlan isolated
C3560G-01(config)#vlan 200
C3560G-01(config-vlan)#private-vlan association add 201,202,203,204
3、配置接口类型,把接口划入vlan中
C3560G-01(config)#int range g0/1-2
C3560G-01(config-if)#switchport mode private-vlan promiscuous
C3560G-01(config-if)#switchport private-vlan mapping 200 201,202,203,204
C3560G-01(config)#int range g0/3-6
C3560G-01(config-if)#switchport mode private-vlan host
C3560G-01(config-if)#switchport private-vlan host-association 200 201
C3560G-01(config)#int range g0/7-10
C3560G-01(config-if)#switchport mode private-vlan host
C3560G-01(config-if)#switchport private-vlan host-association 200 202
C3560G-01(config)#int range g0/11-14
C3560G-01(config-if)#switchport mode private-vlan host
C3560G-01(config-if)#switchport private-vlan host-association 200 203
C3560G-01(config)#int range g0/15-18
C3560G-01(config-if)#switchport mode private-vlan host
C3560G-01(config-if)#switchport private-vlan host-association 200 204
4、查看
C3560G-01#show vlan private-vlan
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
200 201 community G0/1, G0/2, G0/3, G0/4, G0/5, G0/6
200 202 community G0/1, G0/2, G0/7, G0/8, G0/9, G0/10
200 203 community G0/1, G0/2, G0/11, G0/12, G0/13, G0/14
200 204 isolated G0/1, G0/2, G0/15, G0/16, G0/17, G0/18
5、测试
略!
本文出自 “XiaoXiaoDong” 博客,请务必保留此出处http://xiaoxiaodong.blog.51cto.com/2809770/1533637
标签:cisco vlan 3560 pvlan primary vlan
原文地址:http://xiaoxiaodong.blog.51cto.com/2809770/1533637
