Anuj Kumar

ciscobulls@gmail.com

CCNP SWITCH

PORTABLE STUDY GUIDE

&

PRACTICE WORK BOOK

ANUJ KUMAR

email:- ciscobulls@gmail.com

anuj_dev007@yahoo.com

networkbulls.com

Anuj Kumar

ciscobulls@gmail.com

Private Vlan

Feature:-

Private Vlan provides isolation between ports within the same network.

It’s provided security and reduces the number of IP subnet.

pVLANs require VTP switches to be in transparent mode.

pVLANs can span multiple switches that support the pVLAN’s trunking feature.

Example: - Service providers use pVLANs to deploy hosting services and network access where all devices reside in

the same subnet but only communicate to a default gateway, servers or another network.

PRIVATE VLAN CONSIST TWO TYPES OF VLAN.

1: - Primary VLAN (Promiscuous is also called Primary VLAN)

It is called high level VLAN.

It can have many secondary VLANs

Secondary VLANs belong to same subnet as primary VLAN.

2: - Secondary VLAN

It is child VLAN to primary VLAN.

All end devices belong to a secondary VLAN.

TWO TYPES OF SECONDARY VLAN.

1:- Community VLANS

These ports communicate with other ports in the same community but not another community VLAN port,

and (Primary VLAN Ports) promiscuous port.

2: - Isolated VLANS

These ports can only communicate with promiscuous ports.

Note: -These ports can not communicate with other port in the same isolated.

Anuj Kumar

ciscobulls@gmail.com

Configuration of Private VLAN: -

Configure switch as an in transparent mode

Switch(config)#vtp mode transparent

Configure Primary VLAN

Switch(config)# vlan 100

Switch(config-vlan)# private-vlan primary

Configure Secondary VLANs (two community, one isolated)

Switch(config)# vlan 200

Switch(config-vlan)# private-vlan community

Switch(config)# vlan 300

Switch(config-vlan)# private-vlan community

Switch(config)# vlan 400

Switch(config-vlan)# private-vlan isolated

Associate secondary VLANs to primary VLAN

Anuj Kumar

ciscobulls@gmail.com

Switch(config)# vlan 100

Switch(config-vlan)# private-vlan association 200,300,400

Configure access ports for promiscuous mode.

Switch(config)# interface range fa 0/7 – 8

Switch(config-if)# switchport mode private-vlan promiscuous

Switch(config-if)#switchport private-vlan mapping 100 200,300,400

Switch(config-if)# exit

Configure access ports for community-A pVLANs.

Switch(config)# interface range fa 0/1 – 2

Switch(config-if)# switchport mode private-vlan host

Switch(config-if)# switchport private-vlan host-association 100 200

Switch(config-if)# exit

Configure access ports for community-B pVLANs.

Switch(config)# interface range fa 0/3 – 4

Switch(config-if)# switchport mode private-vlan host

Switch(config-if)# switchport private-vlan host-association 100 300

Switch(config-if)# exit

Configure access ports for Isolated pVLANs.

Switch(config)# interface range fa 0/5 – 6

Switch(config-if)# switchport mode private-vlan host

Switch(config-if)# switchport private-vlan host-association 100 400

Switch(config-if)# exit

Verify commands: -

Switch#show vlan private-vlan

Switch#show vlan private-vlan type