
Private VLAN

Private VLAN, also known as port isolation, is a technique in networking where a VLAN contains switch ports that are restricted such that they can only communicate with a given uplink. The restricted ports are called private ports. Each private VLAN typically contains many private ports and a single uplink.

Use of Private VLANs

Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports. You can have more than one isolated port in a specified isolated VLAN. Each port is completely isolated from all other ports in the isolated VLAN.

Types of Private VLANs

A private VLAN always has one primary VLAN. The promiscuous port belongs to the primary VLAN. In the following picture you can see that there's a router connected to a promiscuous port. All other ports are able to communicate with the promiscuous port. Within the primary VLAN there are one or more secondary VLANs, of two types:

  • Isolated VLAN: All ports within the isolated VLAN are not able to communicate with each other but they can communicate with the promiscuous port.
  • Community VLAN: All ports within the community VLAN are able to communicate with each other and the promiscuous port.


Secondary VLANs can always communicate with the promiscuous port, but they can never communicate with other secondary VLANs.



Configuration of Private VLANs

We will use the above topology to demonstrate the configuration of private VLANs.

The topology shows:

  • Primary VLAN is 100
  • Secondary Community VLAN is 101
  • Secondary Isolated VLAN is 102
  • PC0 and PC1 belong to the community VLAN; they should be able to communicate with each other and with the Router connected to the promiscuous port.
  • PC2 and PC3 are in the isolated VLAN that can only communicate with the Router on the promiscuous port.
  • The Router is able to reach all ports.

First, configure the switch's VTP mode as transparent, as needed for configuring PVLANs.

Switch(config)#vtp mode transparent 

Configuration of the community VLAN.

Create VLAN 101 and tell the switch that this is a community VLAN by typing the private-vlan community command. Next, create VLAN 100 and configure it as the primary VLAN with the private-vlan primary command. Then tell the switch that VLAN 101 is a secondary VLAN by using the private-vlan association command.

Switch(config)#vlan 101
Switch(config-vlan)#private-vlan community
Switch(config-vlan)#vlan 100
Switch(config-vlan)#private-vlan primary
Switch(config-vlan)#private-vlan association add 101

Configure switch ports Fa0/1 and Fa0/2 for community VLAN 101.

Switch(config)#interface range fa0/1 - 2
Switch(config-if-range)#switchport mode private-vlan host
Switch(config-if-range)#switchport private-vlan host-association 100 101

Configure the promiscuous port

Configure Fa0/10, which is connected to the router, as the promiscuous port.

Switch(config)#interface fa0/10
Switch(config-if)#switchport mode private-vlan promiscuous
Switch(config-if)#switchport private-vlan mapping 100 101

Configuration of the isolated VLAN

The configuration is the same as for the community VLAN, but uses the private-vlan isolated command.

Switch(config)#vlan 102
Switch(config-vlan)#private-vlan isolated
Switch(config-vlan)#vlan 100
Switch(config-vlan)#private-vlan primary
Switch(config-vlan)#private-vlan association add 102

Configure switch ports Fa0/3 and Fa0/4, which are connected to PC2 and PC3, for isolated VLAN 102.

Switch(config)#interface range fa0/3 - 4
Switch(config-if-range)#switchport mode private-vlan host
Switch(config-if-range)#switchport private-vlan host-association 100 102

We already configured the promiscuous port on Fa0/10. We need to create an additional mapping between VLAN 100 (primary) and VLAN 102 (secondary). The add keyword appends VLAN 102 to the existing mapping, so the mapping to VLAN 101 is kept.

Switch(config)#interface fa0/10
Switch(config-if)#switchport mode private-vlan promiscuous
Switch(config-if)#switchport private-vlan mapping 100 add 102

Commands to Verify the Configuration

Switch#show interfaces fastEthernet 0/1 switchport
Switch#show interface fa0/10 switchport
Switch#show vlan private-vlan
Switch#show vlan private-vlan type

Assigning IP Address

Assign the four PCs and the Router interface IP addresses from the network 192.168.0.0/24.

Result:

  • PC0 and PC1 can communicate with each other and with the Router interface, but are not able to communicate with PC2 and PC3.
  • PC2 and PC3 cannot communicate with each other. They can communicate only with the router port.
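
The following Python model is an added example, not part of the original post: it parses a constructed set of IOS-style lines for this topology, applies the private VLAN forwarding rules described above, and flags host ports whose secondary VLAN is missing from the promiscuous mapping. The function names and the sample configuration are assumptions made for the example.

```python
import re

# Constructed sample (not from a real switch): the end state of this walkthrough.
CONFIG = """\
vlan 100
 private-vlan primary
vlan 101
 private-vlan community
vlan 102
 private-vlan isolated
interface fa0/1
 switchport private-vlan host-association 100 101
interface fa0/2
 switchport private-vlan host-association 100 101
interface fa0/3
 switchport private-vlan host-association 100 102
interface fa0/4
 switchport private-vlan host-association 100 102
interface fa0/10
 switchport private-vlan mapping 100 101,102
"""

def parse(config):
    """Return ({vlan: type}, {port: (role, set of secondary VLANs)})."""
    vlan_type, ports, ctx = {}, {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.fullmatch(r"(vlan|interface) (\S+)", s):
            ctx = m.group(2)
        elif m := re.fullmatch(r"private-vlan (primary|community|isolated)", s):
            vlan_type[ctx] = m.group(1)
        elif m := re.fullmatch(r"switchport private-vlan host-association \d+ (\d+)", s):
            ports[ctx] = ("host", {m.group(1)})
        elif m := re.fullmatch(r"switchport private-vlan mapping \d+ ([\d,]+)", s):
            ports[ctx] = ("promiscuous", set(m.group(1).split(",")))
    return vlan_type, ports

def can_talk(a, b, vlan_type, ports):
    """Layer-2 reachability between two ports under the rules described above."""
    (role_a, vlans_a), (role_b, vlans_b) = ports[a], ports[b]
    if "promiscuous" in (role_a, role_b):
        return role_a == role_b or bool(vlans_a & vlans_b)
    # Host to host: only within the same community VLAN.
    return vlans_a == vlans_b and vlan_type[next(iter(vlans_a))] == "community"

def unmapped_hosts(ports):
    """Host ports whose secondary VLAN no promiscuous port maps."""
    mapped = set().union(*(v for r, v in ports.values() if r == "promiscuous"))
    return sorted(p for p, (r, v) in ports.items() if r == "host" and not v & mapped)
```

Run against a configuration whose promiscuous port maps only VLAN 102, `unmapped_hosts` reports Fa0/1 and Fa0/2, the community ports that would lose their path to the router.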







