PVLAN Confusion
I'm doing some labs with PVLAN, and I've stumbled on configuring the isolated VLAN. So, here is what I understand about the configuration:
1. I create a primary VLAN and use the 'no-local-switching' option to indicate it's a primary VLAN, but what does the option do? The documentation didn't tell me anything about that.
2. I assume that any trunks associated with the primary VLAN become promiscuous ports (please let me know if this is wrong) and those that are tagged with 'pvlan-trunk' are used to carry PVLAN data between different switches, whereas interfaces in access mode become members of an isolated VLAN?
3. When I create a community VLAN, I associate it with the primary VLAN using the 'primary-vlan' option. Then I indicate which interfaces are members of the VLAN to classify them into the community VLAN.
4. The inter-switch isolated VLAN is carried using the VLAN whose ID is indicated with the 'isolated-id' option in the primary VLAN. But how do I associate an interface with it so that it is in the inter-switch isolated VLAN?
5. What if I wish to have an isolated VLAN and an inter-switch isolated VLAN at the same time and assign different interfaces into each? How can I do that?
Here is my current configuration:
Community_VLAN {
    vlan-id 51;
    interface {
        ge-0/0/12.0;
        ge-0/0/13.0;
        ge-0/0/14.0;
    }
    primary-vlan Primary_VLAN;
}
Primary_VLAN {
    vlan-id 50;
    interface {
        ge-0/0/0.0 {
            pvlan-trunk;
        }
        ge-0/0/1.0;
        ge-0/0/15.0;
    }
    no-local-switching;
}
root@SW5# run show vlans Primary_VLAN extensive
VLAN: Primary_VLAN, Created at: Wed Mar 23 00:30:51 2011
802.1Q Tag: 50, Internal index: 6, Admin State: Enabled, Origin: Static
Private VLAN Mode: Primary
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged 4 (Active = 0)
ge-0/0/0.0*, tagged, trunk, pvlan-trunk
ge-0/0/1.0*, tagged, trunk
ge-0/0/12.0, untagged, access
ge-0/0/13.0, untagged, access
ge-0/0/14.0, untagged, access
ge-0/0/15.0, untagged, access
Secondary VLANs: Isolated 1, Community 1, Inter-switch-isolated 0
Isolated VLANs :
__pvlan_Primary_VLAN_ge-0/0/15.0__
Community VLANs :
Community_VLAN
PS: are there other verification commands other than the one above?
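Added example, not part of the original post and not Juniper's code: a small Python check that parses the `show vlans Primary_VLAN extensive` output quoted above and cross-checks its summary counters against the members it lists. It assumes a trailing `*` marks an active port and that auto-created isolated VLANs are named `__pvlan_<primary>_<port>__`, as in the single instance in the post; the names `parse` and `audit` are hypothetical.

```python
import re
# Lines taken from the "show vlans Primary_VLAN extensive" output in the post.
SAMPLE = """\
VLAN: Primary_VLAN, Created at: Wed Mar 23 00:30:51 2011
Number of interfaces: Tagged 2 (Active = 2), Untagged 4 (Active = 0)
ge-0/0/0.0*, tagged, trunk, pvlan-trunk
ge-0/0/1.0*, tagged, trunk
ge-0/0/12.0, untagged, access
ge-0/0/13.0, untagged, access
ge-0/0/14.0, untagged, access
ge-0/0/15.0, untagged, access
Secondary VLANs: Isolated 1, Community 1, Inter-switch-isolated 0
Isolated VLANs :
__pvlan_Primary_VLAN_ge-0/0/15.0__
Community VLANs :
Community_VLAN
"""
PORT = re.compile(r"^(\S+?-\d+/\d+/\d+\.\d+)(\*?), (tagged|untagged), (\w+)(?:, (\S+))?$")

def parse(text):
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    vlan = re.match(r"VLAN: (\S+),", lines[0]).group(1)
    ports, secondary, kind = {}, {"Isolated": [], "Community": []}, None
    for line in lines[1:]:
        m = PORT.match(line)
        if m:  # Assumption: a trailing "*" marks an active member port.
            name, star, tagging, mode, flag = m.groups()
            ports[name] = dict(active=star == "*", tagging=tagging.capitalize(), mode=mode, flag=flag)
        elif line.endswith("VLANs :"):
            kind = line.split()[0]
        elif kind in secondary:
            secondary[kind].append(line)
    return vlan, ports, secondary

def audit(text):
    (vlan, ports, secondary), findings = parse(text), []
    for tagging, total, active in re.findall(r"(Tagged|Untagged) (\d+) \(Active = (\d+)\)", text):
        members = [p for p in ports.values() if p["tagging"] == tagging]
        if (len(members), sum(p["active"] for p in members)) != (int(total), int(active)):
            findings.append(f"{tagging} member count mismatch")
    for kind, count in re.findall(r"(Isolated|Community) (\d+)", text):
        if len(secondary[kind]) != int(count):
            findings.append(f"{kind} VLAN count mismatch")
    # Assumption from the one name in the post: __pvlan_<primary>_<port>__
    prefix = f"__pvlan_{vlan}_"
    isolated = [n[len(prefix):-2] for n in secondary["Isolated"] if n.startswith(prefix)]
    findings += [f"{p}: isolated VLAN on a non-access port" for p in isolated
                 if ports.get(p, {}).get("mode") != "access"]
    return isolated, findings
```

`audit(SAMPLE)` returns the ports that have an auto-created isolated VLAN and a list of inconsistencies, which is empty for the output in the post.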