Cisco PVLAN的配置
VLAN即私有VLAN(Private VLAN),PVLAN采用两层VLAN隔离技术,只有上层VLAN全局可见,下层VLAN相互隔离。
VLAN即私有VLAN(Private VLAN),PVLAN采用两层VLAN隔离技术,只有上层VLAN全局可见,下层VLAN相互隔离。
每个pVLAN 包含2种VLAN :主VLAN(primary VLAN)和辅助VLAN(Secondary VLAN)。辅助VLAN(Secondary VLAN)包含两种类型:隔离VLAN(isolated VLAN)和团体VLAN(community VLAN)。
pVLAN中的两种接口类型:处在pVLAN中的交换机物理端口,有两种接口类型。
①混杂端口(Promiscuous Port)
②主机端口(Host Port)
pVLAN中的两种接口类型:处在pVLAN中的交换机物理端口,有两种接口类型。
①混杂端口(Promiscuous Port)
②主机端口(Host Port)
Catalyst3560, 45, 65系列支持
配置pVLAN的实例:
SwitchA(config)#vlan 100
SwitchA(config-vlan)#private-vlan primary
!设置主VLAN 100
SwitchA(config)#vlan 200
SwitchA(config-vlan)#private-vlan community
!设置团体VLAN 200
SwitchA(config)#vlan 100
SwitchA(config-vlan)#private-vlan primary
!设置主VLAN 100
SwitchA(config)#vlan 200
SwitchA(config-vlan)#private-vlan community
!设置团体VLAN 200
SwitchA(config)#vlan 300
SwitchA(config-vlan)#private-vlan isolated
!设置隔离VLAN 300
SwitchA(config-vlan)#private-vlan isolated
!设置隔离VLAN 300
SwitchA(config)#vlan 100
SwitchA(config-vlan)#private-vlan association 200,300
!将辅助VLAN关联到主VLAN
SwitchA(config-vlan)#private-vlan association 200,300
!将辅助VLAN关联到主VLAN
SwitchA(config)#interface vlan 100
SwitchA(config-if)#private-vlan mapping add 200,300
!将辅助VLAN映射到主VLAN接口,允许pVLAN入口流量的三层交换
SwitchA(config)# interface fastethernet 0/2
SwitchA(config-if)#switchport mode private-vlan host
SwitchA(config-if)#switchport private-vlan host-association 100 200
!2号口划入团体VLAN 200
SwitchA(config)# interface fastethernet 0/3
SwitchA(config-if)#switchport mode private-vlan host
SwitchA(config-if)#switchport private-vlan host-association 100 300
!3号口划入隔离VLAN 300
SwitchA(config-if)#switchport mode private-vlan host
SwitchA(config-if)#switchport private-vlan host-association 100 300
!3号口划入隔离VLAN 300
SwitchA(config)# interface fastethernet 0/1
SwitchA(config-if)#switchport mode private-vlan promiscuous
SwitchA(config-if)#switchport private-vlan mapping 100 add 200-300
!1号口杂合模式
SwitchA(config-if)#switchport mode private-vlan promiscuous
SwitchA(config-if)#switchport private-vlan mapping 100 add 200-300
!1号口杂合模式
CatOS的配置
set vlan 100 pvlan-type primary
set vlan 200 pvlan-type community
set vlan 300 pvlan-type isolated
set pvlan 100 200 5/1
set pvlan 100 300 5/2
set pvlan mapping 100,200 15/1
set pvlan mapping 100,300 15/1 //指定混杂模式的接口
set vlan 100 pvlan-type primary
set vlan 200 pvlan-type community
set vlan 300 pvlan-type isolated
set pvlan 100 200 5/1
set pvlan 100 300 5/2
set pvlan mapping 100,200 15/1
set pvlan mapping 100,300 15/1 //指定混杂模式的接口
关于端口隔离
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# switchport protected
Switch(config-if)# switchport protected
Catalyst 29 35系列支持
网关 及共享口 不敲protected 即可通信
网关 及共享口 不敲protected 即可通信
转载于:https://blog.51cto.com/512264630/326903
665
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
