Topology diagram:

[Figure: PVLAN configuration example]

PVLANs are mainly used to isolate hosts that share a broadcast domain, which improves security.


Each PVLAN consists of two kinds of VLAN:

      Primary VLAN (primary)

      Secondary VLAN (secondary)

          Secondary VLANs are divided into:

              Isolated VLAN (isolated)

              Community VLAN (community)


A PVLAN has two port types:

      Host port (host port)

      Promiscuous port (promiscuous port)


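The primary VLAN and the secondary VLANs can communicate with each other, but secondary VLANs cannot communicate with one another.

Within a single secondary VLAN, hosts in a community VLAN can communicate with each other, while hosts in an isolated VLAN cannot.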



1. Put the switch in VTP transparent mode

C3560G-01#conf t

C3560G-01(config)#vtp mode transparent


2. As shown in the figure, create primary VLAN 200, community VLANs 201, 202 and 203, and isolated VLAN 204,

   and associate secondary VLANs 201, 202, 203 and 204 with primary VLAN 200


C3560G-01(config)#vlan 200

C3560G-01(config-vlan)#private-vlan primary


C3560G-01(config)#vlan 201

C3560G-01(config-vlan)#private-vlan community


C3560G-01(config)#vlan 202

C3560G-01(config-vlan)#private-vlan community


C3560G-01(config)#vlan 203

C3560G-01(config-vlan)#private-vlan community


C3560G-01(config)#vlan 204

C3560G-01(config-vlan)#private-vlan isolated


C3560G-01(config)#vlan 200

C3560G-01(config-vlan)#private-vlan association add 201,202,203,204


3. Configure the port types and assign the ports to the VLANs


C3560G-01(config)#int range g0/1-2

C3560G-01(config-if)#switchport mode private-vlan promiscuous

C3560G-01(config-if)#switchport private-vlan mapping 200 201,202,203,204


C3560G-01(config)#int range g0/3-6

C3560G-01(config-if)#switchport mode private-vlan host

C3560G-01(config-if)#switchport private-vlan host-association 200 201


C3560G-01(config)#int range g0/7-10

C3560G-01(config-if)#switchport mode private-vlan host

C3560G-01(config-if)#switchport private-vlan host-association 200 202



C3560G-01(config)#int range g0/11-14

C3560G-01(config-if)#switchport mode private-vlan host

C3560G-01(config-if)#switchport private-vlan host-association 200 203


C3560G-01(config)#int range g0/15-18

C3560G-01(config-if)#switchport mode private-vlan host

C3560G-01(config-if)#switchport private-vlan host-association 200 204


4. Verify


C3560G-01#show vlan private-vlan


Primary Secondary Type              Ports


------- --------- ----------------- ------------------------------------------  

200     201       community         G0/1, G0/2, G0/3, G0/4, G0/5, G0/6

200     202       community         G0/1, G0/2, G0/7, G0/8, G0/9, G0/10

200     203       community         G0/1, G0/2, G0/11, G0/12, G0/13, G0/14

200     204       isolated          G0/1, G0/2, G0/15, G0/16, G0/17, G0/18


5. Test

Omitted!
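For the test step, the following added example (not part of the original article) turns the `show vlan private-vlan` output from step 4 into the expected reachability between ports, so that ping results can be checked against the isolation rules described above. The function names are hypothetical, and it assumes that the promiscuous ports are mapped to every secondary VLAN, as in step 3.

```python
import re

# Output of "show vlan private-vlan" copied from step 4.
SHOW_OUTPUT = """\
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
200     201       community         G0/1, G0/2, G0/3, G0/4, G0/5, G0/6
200     202       community         G0/1, G0/2, G0/7, G0/8, G0/9, G0/10
200     203       community         G0/1, G0/2, G0/11, G0/12, G0/13, G0/14
200     204       isolated          G0/1, G0/2, G0/15, G0/16, G0/17, G0/18
"""

# Ports set to "switchport mode private-vlan promiscuous" in step 3.
PROMISCUOUS = {"G0/1", "G0/2"}

ROW = re.compile(r"^(\d+)\s+(\d+)\s+(community|isolated)\s+(.*)$")


def parse_ports(show_output, promiscuous):
    """Map each port to (primary, secondary, role)."""
    ports = {}
    for line in show_output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator or blank line
        primary, secondary, kind = int(m.group(1)), int(m.group(2)), m.group(3)
        for port in (p.strip() for p in m.group(4).split(",") if p.strip()):
            if port in promiscuous:
                ports[port] = (primary, None, "promiscuous")
            else:
                ports[port] = (primary, secondary, kind)
    return ports


def can_talk(ports, a, b):
    """Expected layer-2 reachability between two different ports."""
    (pa, sa, ra), (pb, sb, rb) = ports[a], ports[b]
    if pa != pb:
        return False  # different primary VLANs never share a PVLAN domain
    if "promiscuous" in (ra, rb):
        return True   # assumption: promiscuous ports map all secondaries
    # Host to host: only inside the same community VLAN.
    return ra == rb == "community" and sa == sb


def unexpected(ports, observed):
    """Return the pairs whose observed result {(a, b): bool} breaks the model."""
    return sorted(p for p, ok in observed.items() if ok != can_talk(ports, *p))
```

Feed `unexpected()` a dictionary of your own ping results keyed by port pair; any pair it returns, such as two isolated ports that can reach each other, points at a port whose mode or host-association differs from the intended design.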