您的位置:首页 > 其它

PVLAN-配置案例(图)

2014-08-01 11:42 176 查看
拓扑图:



Pvlan主要用于广播域中的主机,进行隔离,提供安全性。

每个Pvlan包括2中vlan:
主vlan(primary)
辅助vlan(secondary)

辅助vlan分为:
隔离vlan(isolated)
团体vlan(community)

Pvlan中有2中接口类型:
主机端口(host port)
混杂端口(promiscuous port)

主vlan和辅助vlan之间可以建立通讯,辅助之间不能相互通讯,
在同一个辅助vlan中,团体vlan内的主机可以相互通讯,隔离vlan内的主机不能相互通讯。

1、使交换机处于VTP transparent模式
C3560G-01#conf t
C3560G-01(config)#vtp mode transparent

2、如图创建primary vlan 200,community vlan 201 202 203和isolated vlan 204
并且使secondary vlan 201 202 203 204 关联primary vlan 200

C3560G-01(config)#vlan 200
C3560G-01(config-vlan)#private-vlan primary

C3560G-01(config)#vlan 201
C3560G-01(config-vlan)#private-vlan community

C3560G-01(config)#vlan 202
C3560G-01(config-vlan)#private-vlan community

C3560G-01(config)#vlan 203
C3560G-01(config-vlan)#private-vlan community

C3560G-01(config)#vlan 204
C3560G-01(config-vlan)#private-vlan isolated

C3560G-01(config)#vlan 200
C3560G-01(config-vlan)#private-vlan association add 201,202,203,204

3、配置接口类型,把接口划入vlan中

C3560G-01(config)#int range g0/1-2
C3560G-01(config-if)#switchport mode private-vlan promiscuous
C3560G-01(config-if)#switchport private-vlan mapping 200 201,202,203,204

C3560G-01(config)#int range g0/3-6
C3560G-01(config-if)#switchport mode private-vlan host
C3560G-01(config-if)#switchport private-vlan host-association 200 201

C3560G-01(config)#int range g0/7-10
C3560G-01(config-if)#switchport mode private-vlan host
C3560G-01(config-if)#switchport private-vlan host-association 200 202

C3560G-01(config)#int range g0/11-14
C3560G-01(config-if)#switchport mode private-vlan host
C3560G-01(config-if)#switchport private-vlan host-association 200 203

C3560G-01(config)#int range g0/15-18
C3560G-01(config-if)#switchport mode private-vlan host
C3560G-01(config-if)#switchport private-vlan host-association 200 204

4、查看

C3560G-01#show vlan private-vlan

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------
200 201 community G0/1, G0/2, G0/3, G0/4, G0/5, G0/6
200 202 community G0/1, G0/2, G0/7, G0/8, G0/9, G0/10
200 203 community G0/1, G0/2, G0/11, G0/12, G0/13, G0/14
200 204 isolated G0/1, G0/2, G0/15, G0/16, G0/17, G0/18

5、测试
略!

本文出自 “XiaoXiaoDong” 博客,请务必保留此出处http://xiaoxiaodong.blog.51cto.com/2809770/1533637
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航