CCNA Basics: Introduction to Private VLANs

Today I am going to cover the basics of private VLANs, followed by a basic configuration. A private VLAN (PVLAN) gives us the opportunity to divide a VLAN into sub-VLANs. With a PVLAN, a normal VLAN is mapped onto secondary VLANs.

This lets us restrict devices connected to the same normal VLAN (subnet) from communicating with each other. Private VLANs can be configured with different characteristics such as “Community”, “Isolated” and “Promiscuous”.

Fig-1.1- Sample topology showing Private VLANs

Community: The community state enables communication between client ports that are in the same community VLAN.

Isolated: An isolated port can only send data to the promiscuous port, regardless of which other clients belong to the same VLAN.

Promiscuous port: The promiscuous port can receive data from all ports. This port should be connected to a gateway of some sort so that traffic from all the different ports can leave the network.

The diagram (Fig-1.1) shows the concept of private VLANs, including community and isolated VLANs, and also covers the promiscuous port in the network.

Let's go through a basic configuration of private VLANs in the network, covering both the community and the isolated private VLANs.

Configuration
NDNA(config)# vtp mode transparent
NDNA(config)# vlan 102
NDNA(config-vlan)# private-vlan isolated
NDNA(config-vlan)# vlan 101
NDNA(config-vlan)# private-vlan community
NDNA(config-vlan)# vlan 100
NDNA(config-vlan)# private-vlan primary
NDNA(config-vlan)# private-vlan association 101 102

Our configuration looks like the listing below. Please note that the IP addresses used here are for testing purposes only and have no relevance to any enterprise network.

!
vlan 100
private-vlan primary
private-vlan association 101 102
!
vlan 101
private-vlan community
vlan 102
private-vlan isolated
!

Let's configure the association of the ports.

NDNA(config)# interface gi0/1
NDNA(config-if)# switchport mode private-vlan promiscuous
NDNA(config-if)# switchport private-vlan mapping 100 101 102

NDNA(config-if)# interface range gi0/2 - 3
NDNA(config-if-range)# switchport mode private-vlan host
NDNA(config-if-range)# switchport private-vlan host-association 100 101
NDNA(config-if-range)# interface range gi0/4 - 5
NDNA(config-if-range)# switchport mode private-vlan host
NDNA(config-if-range)# switchport private-vlan host-association 100 102

Let's check the status of all the interfaces.

NDNA# show interface status
Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1                        connected    100        a-full  a-100 10/100BaseTX
Gi0/2                        connected    100,101 a-full  a-100 10/1000BaseTX
Gi0/3                        connected    100,101 a-full  a-100 10/100BaseTX
Gi0/4                        connected    100,102 a-full  a-100 10/100BaseTX
Gi0/5                        connected    100,102 a-full  a-100 10/100BaseTX
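
To check that a PVLAN configuration enforces the isolation you intended, the forwarding rules described above can be evaluated directly against the configuration text. The following Python script is an added example, not part of the original post: it parses the commands used on this page (with prompts removed and the interface ranges expanded to single ports) and lists which port pairs can exchange layer-2 traffic. The function names and the rule that a host's secondary VLAN must appear in the promiscuous port's mapping are assumptions of this example.

```python
from itertools import combinations

# Constructed input: this page's commands with the CLI prompts removed.
HOST = ("interface {}\n switchport mode private-vlan host\n"
        " switchport private-vlan host-association 100 {}\n")
CONFIG = """\
vlan 102
 private-vlan isolated
vlan 101
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 101 102
interface Gi0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101 102
""" + "".join(HOST.format(p, v) for p, v in
              [("Gi0/2", 101), ("Gi0/3", 101), ("Gi0/4", 102), ("Gi0/5", 102)])

def parse(config):
    """Return ({vlan: type}, {port: (role, set of secondary VLANs)})."""
    vlan_type, ports, name = {}, {}, None
    for words in filter(None, map(str.split, config.splitlines())):
        if words[0] in ("vlan", "interface"):
            name = words[1]                      # current vlan/interface context
        elif words[0] == "private-vlan" and words[1] != "association":
            vlan_type[int(name)] = words[1]      # primary / community / isolated
        elif words[:3] == ["switchport", "private-vlan", "mapping"]:
            ports[name] = ("promiscuous", {int(w) for w in words[4:]})
        elif words[:3] == ["switchport", "private-vlan", "host-association"]:
            ports[name] = ("host", {int(words[4])})
    return vlan_type, ports

def can_talk(a, b, vlan_type, ports):
    """Layer-2 reachability between two ports under the PVLAN rules above."""
    (role_a, sec_a), (role_b, sec_b) = ports[a], ports[b]
    if role_a == role_b == "promiscuous":
        return True
    if "promiscuous" in (role_a, role_b):
        prom, host = (sec_a, sec_b) if role_a == "promiscuous" else (sec_b, sec_a)
        return host <= prom                      # host's secondary VLAN must be mapped
    # Two host ports: only a shared community VLAN allows traffic.
    return any(vlan_type.get(v) == "community" for v in sec_a & sec_b)

def allowed_pairs(config):
    vlan_type, ports = parse(config)
    return {p for p in combinations(sorted(ports), 2) if can_talk(*p, vlan_type, ports)}

if __name__ == "__main__":
    print(sorted(allowed_pairs(CONFIG)))
```

Running the same check after a change shows segmentation drift: if VLAN 102 were redefined as a community VLAN, the pair Gi0/4 and Gi0/5 would appear in the allowed set.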