PVLAN

1. Private-VLAN包含两种VLAN:Primary VLAN和Secondary VLAN
2. Primary VLAN包含:一个Promiscuous Port,所有Secondary Port都与Promiscuous Port之间相互访问.
3. 所有Secondary VLAN都与Primary VLAN之间相互访问
4. Secondary VLAN包含两种VLAN类型:Community VLAN和Isolated VLAN
5. Community VLAN中的端口称为 Community Port
6. Isolated VLAN中的端口称为 Isolated Port
7. 在同一个Community VLAN内,端口与端口之间是可以相互访问的,并且与Promiscuous Port之间相互访问.
8. 在不同Community VLAN之间,端口与端口之间是不可以相互访问的,但可以各自与Promiscuous Port之间相互访问.
9. 在同一个Isolated VLAN内,端口与端口之间是不可以相互访问的,并且只能与 Promiscuous Port之间相互访问.
10. 在不同Isolated VLAN之间,端口与端口之间仍然不可以下互访问的,并且也只能与Promiscuous Port之间相互访问.
11. 在有的交换机设备上,将Isolated Port 称为Protected Port保护端口,在同一台设备上Protected Port之间是不可以访问的,但是在不同设备上的Protected Port 之间是不存在隔离的,是可以相互访问的.

IOS版的PVLAN配置:

config terminal

vtp mode transparent

vlan 100

private-vlan primary

private-vlan association add 500,501

exit

vlan 500

private-vlan isolated

exit

vlan 501

private-vlan community

exit

interface fastethernet 0/48

switchport

switchport mode private-vlan promiscuous

switchport private-vlan mapping 100 add 500,501

no shutdown

exit

interface vlan 100

private-vlan mapping add 500,501

no shutdown

exit

interface fastethernet 0/1

switchport

switchport mode private-vlan host

switchport private-vlan host-association 100,500

no shutdown

exit

interface fastethernet 0/2

switchport

switchport mode private-vlan host

switchport private-vlan host-association 100,501

no shutdown

exit

show vlan private-vlan

 

CatOS版的PVLAN配置:

set vtp mode transparent

set vlan 100 pvlan-type primary

set vlan 500 pvlan-type isolated

set vlan 501 pvlan-type community

set pvlan 100,500 0/1

set pvlan 100,501 0/2

set pvlan mapping 100,500 0/48

set pvlan mapping 100,501 0/48

show pvlan

show pvlan mapping