PVLAN的2种VLAN:
主要VLAN(Primary VLAN):把流量从混杂端口传送到隔离、团体和同一个VLAN内部的其它主要混杂端口。
辅助VLAN(Secondary VLAN):辅助VLAN包含两种VLAN类型:
隔离VLAN(Isolated VLAN):把流量从隔离端口传送到一个混杂端口。隔离VLAN中的端口,使其不能与PVLAN(另一个团体VLAN端口或相同隔离VLAN内的端口)内部的任何其它端口进行第2层通信。若要与其它端口通信,则必须穿越混杂端口。
团体VLAN(Community VLAN):在相同团体VLAN内部的团体端口之间传送流量并传送到混杂端口,团体VLAN内的端口可以在第2层彼此通信(只是在相同团体VLAN内部),但是不能与其它团体或隔离VLAN的端口进行通信。若要与其它端口进行通信,则必须穿越混杂端口。
PVLAN的2种端口类型:
混杂端口(Promiscuous Port):隶属于“Primary VLAN”,一个混杂端口可以与所有接口通信,包括PVLAN内的隔离和团体端口;混杂端口的功能是在团体和隔离的VLAN端口之间传递流量。
主机端口(Host Port):隶属于“Secondary VLAN”,由于“Secondary VLAN”具有两种属性,那么主机端口依“Secondary VLAN”属性的不同也有两种分类:
隔离端口(Isolated Port):它与PVLAN内的所有其它端口相分离,除混杂端口外;来源于隔离端口的流量仅仅传送给混杂端口。
团体端口(Community Port):它在逻辑上把相同区域内部的各个端口和混杂端口结合到一起,流量可以在它们之间传送。
PVLAN的使用规则:
1.一个“Primary PVLAN”当中只能有1个“PromiscuousPort”;
2.一个“Primary PVLAN”当中至少有1个“SecondaryPVLAN”,但是没有上限;
3.一个“Primary PVLAN”当中只能有1个“IsolatedPVLAN”,可以有多个“CommunityPVLAN”;
4.不同“Primary PVLAN”之间的任何端口都不能互相通信(这里“互相通信”是指二层连通性);
5.“Isolated Port”只能与“Promiscuous Port”通信,除此之外不能与任何其他端口通信;
6.“Community Port”可以和“Promiscuous Port”通信,也可以和同一“Community PVLAN”中的其它物理端
口进行通信,除此之外不能和其他端口通信。
7.创建PVLAN前,需要配置VTP模式为Transparent,在配置PVLAN后,将不能再把模式转变为Server和Client;
8.在配置PVLAN中,不使用VLAN1,VLAN1002 - 1005;
9.三层的VLAN接口只能分配给主VLAN;
10.不能在PVLAN中配置EtherChannel;
11.假如交换机上一个端口作为SPAN的目的端口,这个端口会在配置PVLAN的后失效;
12.PVLAN的端口可以做SPAN的源端口;
13.假如在PVLAN中删除了一个VLAN,那么属于该VLAN的端口将失效。
单位最近更新了一台cisco3560交换机,为了隔绝广播风暴,划了几个vlan,使用pvlan方式划分,1--28口为子vlan501,其中的口可相互通讯,29-38口为vlan502,其中的口相互隔离,39-46为主vlan50的共用出口。
hostname Switch
!
enable password cisco
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 50
private-vlan primary //将VLAN 50定义为主要VLAN
private-vlan association 501-502 //将流量传输到vlan501和502
!
vlan 501
private-vlan community //将VLAN501定义为团体VLAN,团体VLAN下的端口之间可以通信
!
vlan 502
private-vlan isolated //将VLAN502定义为隔离VLAN,隔离VLAN下的端口之间不能通信
!
!
interface FastEthernet0/1
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/2
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/3
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/4
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/5
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/6
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/7
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/8
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/9
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/10
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/11
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/12
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/13
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/14
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/15
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/16
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/17
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/18
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/19
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/20
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/21
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/22
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/23
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/24
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/25
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/26
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/27
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/28
switchport private-vlan host-association 50 501
switchport mode private-vlan host
!
interface FastEthernet0/29
switchport private-vlan host-association 50 502
switchport mode private-vlan host
!
interface FastEthernet0/30
switchport private-vlan host-association 50 502
switchport mode private-vlan host
!
interface FastEthernet0/31
switchport private-vlan host-association 50 502
switchport mode private-vlan host
!
interface FastEthernet0/32
switchport private-vlan host-association 50 502
switchport mode private-vlan host
!
interface FastEthernet0/33
switchport private-vlan host-association 50 502
switchport mode private-vlan host
!
interface FastEthernet0/34
switchport private-vlan host-association 50 502
switchport mode private-vlan host
!
interface FastEthernet0/35
switchport private-vlan host-association 50 502
switchport mode private-vlan host
!
interface FastEthernet0/36
switchport private-vlan host-association 50 502
switchport mode private-vlan host
!
interface FastEthernet0/37
switchport private-vlan host-association 50 502
switchport mode private-vlan host
!
interface FastEthernet0/38
switchport private-vlan host-association 50 502
switchport mode private-vlan host
!
interface FastEthernet0/39
switchport private-vlan mapping 50 501-502
switchport mode private-vlan promiscuous
!
interface FastEthernet0/40
switchport private-vlan mapping 50 501-502
switchport mode private-vlan promiscuous
!
interface FastEthernet0/41
switchport private-vlan mapping 50 501-502
switchport mode private-vlan promiscuous
!
interface FastEthernet0/42
switchport private-vlan mapping 50 501-502
switchport mode private-vlan promiscuous
!
interface FastEthernet0/43
switchport private-vlan mapping 50 501-502
switchport mode private-vlan promiscuous
!
interface FastEthernet0/44
switchport private-vlan mapping 50 501-502
switchport mode private-vlan promiscuous
!
interface FastEthernet0/45
switchport private-vlan mapping 50 501-502
switchport mode private-vlan promiscuous
!
interface FastEthernet0/46
switchport private-vlan mapping 50 501-502
switchport mode private-vlan promiscuous
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
no ip address
!
interface Vlan50
ip address 10.180.16.254 255.255.255.0
!
ip classless
ip http server
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
5637
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
