Private VLAN

Private VLAN, also known as port isolation, is a technique in networking where a VLAN contains switch ports that are restricted such that they can only communicate with a given uplink. The restricted ports are called private ports. Each private VLAN typically contains many private ports and a single uplink.

Use of Private VLANs

Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports. You can have more than one isolated port in a specified isolated VLAN. Each port is completely isolated from all other ports in the isolated VLAN.

Types of Private VLANs

The private VLAN always has one primary VLAN. Within the primary VLAN you will find the promiscuous port. In the following picture you can see that there's a router connected to a promiscuous port. All other ports are able to communicate with the promiscuous port. Within the primary VLAN you will encounter one or more secondary VLANs, of which there are two types:

  • Isolated VLAN: All ports within the isolated VLAN are not able to communicate with each other but they can communicate with the promiscuous port.
  • Community VLAN: All ports within the community VLAN are able to communicate with each other and the promiscuous port.


Secondary VLANs can always communicate with the promiscuous port, but they can never communicate with other secondary VLANs.



Configuration of Private VLANs

We will use the above topology to demonstrate the configuration of Private VLANs.

The topology shows:

  • Primary VLAN is 100
  • Secondary Community VLAN is 101
  • Secondary Isolated VLAN is 102
  • PC0 and PC1 belong to the community VLAN; they should be able to communicate with each other and with the Router connected to the promiscuous port.
  • PC2 and PC3 are in the isolated VLAN and can only communicate with the Router on the promiscuous port.
  • The Router is able to reach all ports.

First, set the switch's VTP mode to transparent. Private VLANs cannot be configured while the switch is a VTP client or server (VTP versions 1 and 2 do not carry private VLAN information).

Switch(config)#vtp mode transparent 

Configuration of the community VLAN

Create VLAN 101 and tell the switch that this is a community VLAN with the private-vlan community command. Next, create VLAN 100 and configure it as the primary VLAN with the private-vlan primary command. Then tell the switch that VLAN 101 is a secondary VLAN of VLAN 100 with the private-vlan association command.

Switch(config)#vlan 101
Switch(config-vlan)#private-vlan community
Switch(config-vlan)#vlan 100
Switch(config-vlan)#private-vlan primary
Switch(config-vlan)#private-vlan association add 101

Configure switch ports Fa0/1 and Fa0/2, which are connected to PC0 and PC1, for community VLAN 101:

Switch(config)#interface range fa0/1 - 2
Switch(config-if-range)#switchport mode private-vlan host
Switch(config-if-range)#switchport private-vlan host-association 100 101

Configure the promiscuous port

Configure Fa0/10, which is connected to the router, as the promiscuous port and map it to community VLAN 101.

Switch(config)#interface fa0/10
Switch(config-if)#switchport mode private-vlan promiscuous
Switch(config-if)#switchport private-vlan mapping 100 101

Configuration of the isolated VLAN

The configuration is the same as for the community VLAN, but use the private-vlan isolated command instead.

Switch(config)#vlan 102
Switch(config-vlan)#private-vlan isolated
Switch(config-vlan)#vlan 100
Switch(config-vlan)#private-vlan primary
Switch(config-vlan)#private-vlan association add 102

Configure switch ports Fa0/3 and Fa0/4, which are connected to PC2 and PC3, for isolated VLAN 102:

Switch(config)#interface range fa0/3 - 4
Switch(config-if-range)#switchport mode private-vlan host
Switch(config-if-range)#switchport private-vlan host-association 100 102

We already configured the promiscuous port on Fa0/10. We need to create an additional mapping between VLAN 100 (primary) and VLAN 102 (secondary). Use the add keyword so that the existing mapping to VLAN 101 is kept; re-entering the mapping command with only 102 would replace the list and cut PC0 and PC1 off from the router.

Switch(config)#interface fa0/10
Switch(config-if)#switchport mode private-vlan promiscuous
Switch(config-if)#switchport private-vlan mapping 100 add 102

Commands to Verify the Configuration

Check a host port (Fa0/1 should show the 100/101 host association), the promiscuous port (Fa0/10 should show the mapping to both 101 and 102), and the private VLAN table:

Switch#show interfaces fastEthernet 0/1 switchport
Switch#show interface fa0/10 switchport
Switch#show vlan private-vlan
Switch#show vlan private-vlan type

Assigning IP Address

Assign IP addresses from the network 192.168.0.0/24 to the four PCs and to the router interface.

Result:

  • PC0 and PC1 can communicate with each other and with the router interface, but not with PC2 and PC3.
  • PC2 and PC3 cannot communicate with each other; they can only communicate with the router on the promiscuous port.
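The forwarding rules from the post, written out as an added Python model that is not part of the original post: the port table is constructed to mirror the configuration above (the dictionary layout and function names are my own assumptions), and the last function flags the failure mode where a secondary VLAN has host ports but the promiscuous port is no longer mapped to it.

```python
from itertools import permutations

# Secondary VLAN types, as declared with 'private-vlan community / isolated'.
SECONDARY_TYPE = {101: "community", 102: "isolated"}

# Port table mirroring the post's configuration (constructed data):
# host ports carry their primary/secondary pair, the promiscuous port
# carries the set of secondary VLANs it is mapped to.
PORTS = {
    "Fa0/1": {"mode": "host", "primary": 100, "secondary": 101},  # PC0
    "Fa0/2": {"mode": "host", "primary": 100, "secondary": 101},  # PC1
    "Fa0/3": {"mode": "host", "primary": 100, "secondary": 102},  # PC2
    "Fa0/4": {"mode": "host", "primary": 100, "secondary": 102},  # PC3
    "Fa0/10": {"mode": "promiscuous", "primary": 100, "mapping": {101, 102}},  # Router
}


def can_talk(src, dst, ports=PORTS, types=SECONDARY_TYPE):
    """True if a frame entering src may be forwarded out of dst."""
    s, d = ports[src], ports[dst]
    if src == dst or s["primary"] != d["primary"]:
        return False
    if s["mode"] == "promiscuous":  # uplink reaches every mapped secondary VLAN
        return d["mode"] == "promiscuous" or d["secondary"] in s["mapping"]
    if d["mode"] == "promiscuous":  # hosts reach the uplink only if their VLAN is mapped
        return s["secondary"] in d["mapping"]
    # Host to host: never across secondary VLANs, and never between
    # two isolated ports, even inside the same isolated VLAN.
    return s["secondary"] == d["secondary"] and types[s["secondary"]] == "community"


def reachable_from(port, ports=PORTS):
    """Sorted list of ports that 'port' can send traffic to."""
    return sorted(p for p in ports if can_talk(port, p, ports))


def unmapped_secondaries(ports=PORTS):
    """Secondary VLANs that have host ports but no promiscuous mapping.
    Hosts in such a VLAN have lost their uplink, e.g. after a second
    'mapping' command replaced the earlier mapping instead of adding to it."""
    mapped = set().union(*(p["mapping"] for p in ports.values() if p["mode"] == "promiscuous"))
    used = {p["secondary"] for p in ports.values() if p["mode"] == "host"}
    return sorted(used - mapped)
```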
