Private VLANs

Hi all,

A guy from work has given me a number of tasks to do using private VLANs. We got 9 routers and created a topology.

1 switch and 9 routers (acting as hosts). He used the network 157.125.28.0 /24 and VLAN 10.

There will be:
2 hosts in community #1
2 hosts in community #2
2 hosts isolated
1 router as the promiscuous port
Another host on the VLAN but not a private VLAN

I need to find out details such as, if a community host tries to ping the isolated host what happens when the host ARPs

Question:
I was under the impression that all of the hosts (community, isolated, promiscuous port) would be on the same VLAN, 10. I just watched a video though and they were all on different VLANs and you had to have the primary/secondary VLAN and associate them.
Is it not possible then to have all of the hosts on the same VLAN and network? I would just lab this and see if it works but I didn't have time yesterday to plug everything in! Also when I was being told what to do, we only spoke of 1 VLAN, he didn't mention another.

Thanks in advance

Edit:
Think I understand this now, so VLAN 10 will be the primary VLAN but I will still need VLAN 11 for community 1, VLAN 12 for community 13 and VLAN 13 for the isolated ports.

Find more posts tagged with

Comments

mattau

your edit bit is the way to look at it. Also another good way to look at is what private vlans solve in the first place. A vlan = a subnet which means you have wasted IP address space. With private vlans 157.125.28.0 /24 can be used for everyone in the same primary vlan, its the secondary vlan that provides the segmentation.

BobMead

Great knowledge to setup private VLan

Basic Private VLAN Configuration - Packet Life

I am doing this on a 3750 with c3750-advipservicesk9-mz.122-40.SE.bin