Private VLANs
Hi all,
A guy from work has given me a number of tasks to do using private VLANs. We got 9 routers and created a topology.
1 switch and 9 routers (acting as hosts). He used the network 157.125.28.0 /24 and VLAN 10.
There will be:
2 hosts in community #1
2 hosts in community #2
2 hosts isolated
1 router as the promiscuous port
Another host on the VLAN but not a private VLAN
I need to find out details such as: if a community host tries to ping the isolated host, what happens when the host ARPs?
Question:
I was under the impression that all of the hosts (community, isolated, promiscuous port) would be on the same VLAN, 10. I just watched a video though and they were all on different VLANs and you had to have the primary/secondary VLAN and associate them.
Is it not possible then to have all of the hosts on the same VLAN and network? I would just lab this and see if it works but I didn't have time yesterday to plug everything in! Also when I was being told what to do, we only spoke of 1 VLAN, he didn't mention another.
Thanks in advance
Edit:
Think I understand this now, so VLAN 10 will be the primary VLAN but I will still need VLAN 11 for community 1, VLAN 12 for community 13 and VLAN 13 for the isolated ports.
Lab:
Combination of GNS3 and Cisco equipment if required.
Comments
mattau Member Posts: 218
Your edit bit is the way to look at it. Also, another good way to look at it is what private VLANs solve in the first place. A VLAN = a subnet, which means you have wasted IP address space. With private VLANs, 157.125.28.0 /24 can be used for everyone in the same primary VLAN; it's the secondary VLAN that provides the segmentation.
_____________________________________
CCNP ROUTE - passed 20/3/12
CCNP SWITCH - passed 25/10/12
CCNP TSHOOT - passed 11/12/12
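Added example (not part of the thread and not any poster's code): a small Python model of the standard private VLAN layer-2 forwarding rules, applied to the lab in the original post, showing which ports receive an ARP broadcast and why a ping from a community host to an isolated host fails. Port names are constructed, VLAN 12 is assumed to be the second community, and the host that is not in a private VLAN is left out.

```python
# Added example: layer-2 reachability for the private VLAN lab in this thread.
# Port names are constructed; VLAN roles follow the edit in the original post.
PRIMARY = 10
SECONDARY = {11: "community", 12: "community", 13: "isolated"}

# port -> secondary VLAN (None = promiscuous port mapped to every secondary)
PORTS = {
    "C1-A": 11, "C1-B": 11,    # community #1
    "C2-A": 12, "C2-B": 12,    # second community (assumed to be VLAN 12)
    "ISO-A": 13, "ISO-B": 13,  # isolated ports
    "PROMISC": None,           # router on the promiscuous port
}

def can_forward(src, dst):
    """True if the switch delivers a frame from port src to port dst."""
    if src == dst:
        return False
    s, d = PORTS[src], PORTS[dst]
    if s is None or d is None:
        return True   # promiscuous reaches every port, and every port reaches it
    if SECONDARY[s] == "isolated" or SECONDARY[d] == "isolated":
        return False  # isolated ports talk to promiscuous ports only
    return s == d     # community ports talk within their own community only

def arp_receivers(src):
    """Ports that see an ARP broadcast sent from src."""
    return sorted(p for p in PORTS if can_forward(src, p))

def ping_works(src, dst):
    """All hosts share one subnet, so a ping needs ARP to succeed both ways."""
    return can_forward(src, dst) and can_forward(dst, src)

if __name__ == "__main__":
    print(f"Primary VLAN {PRIMARY}, secondary VLANs {sorted(SECONDARY)}")
    for port in PORTS:
        print(f"{port:8} ARP broadcast reaches: {', '.join(arp_receivers(port))}")
    print("C1-A -> ISO-A ping works:", ping_works("C1-A", "ISO-A"))
```

Because the community host's ARP request is never delivered to the isolated port, no ARP reply comes back and the ping fails before any ICMP is sent.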
BobMead Member Posts: 55
Great knowledge to set up private VLAN
Basic Private VLAN Configuration - Packet Life
I am doing this on a 3750 with c3750-advipservicesk9-mz.122-40.SE.bin
Press RETURN to get started
:roll: