Filter
Top Products
DES-7200 Configuration Guide Chapter 8 Private VLAN Configuration
8-12
1. All companies shall belong to the same PVLAN (Primary VLAN 99), and
users from all companies share a layer-3 interface through this VLAN to
communicate with Internet.
2. If there are multiple users in a company, respective companies shall belong
to different Community VLANs (company A belonging to Community VLAN 100),
so that intra-company users can communicate with each other and
inter-company users are isolated from each other.
3. If there is only one user in a company, such companies shall belong to the
same Isolated VLAN (company B and company C belonging to Isolated VLAN
101), so that inter-company users are isolated from each other.
z Configuration tips are shown below:
1. To run PVLAN across device, you need to configure the interconnected ports
to Trunk Ports.
2. The gateway-connecting port shall be configured as Promiscuous Port; the
peer port (interface of gateway device) can be configured as Trunk Port or
Hybrid Port, and the Native VLAN shall be the Primary VLAN of PVLAN.
8.4.1.4 Configuration Steps
Step 1: Create Primary VLAN and Secondary VLAN on the device.
! Configure Primary VLAN 99, Community VLAN 100 and Isolated VLAN 101 on
Switch A.
SwitchA#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SwitchA(config)#vlan 99
SwitchA(config-vlan)#private-vlan primary
SwitchA(config-vlan)#exit
SwitchA(config)#vlan 100
SwitchA(config-vlan)#private-vlan community
SwitchA(config-vlan)#exit
SwitchA(config)#vlan 101
SwitchA(config-vlan)#private-vlan isolated
SwitchA(config-vlan)#exit
! Configurations of Switch B are the same as above.
Step 2: Associate Secondary VLAN and Primary VLAN on the device.
! Associate Community VLAN 100, Isolated VLAN 101 and Primary VLAN 99 on
Switch A.
SwitchA(config)#vlan 99
SwitchA(config-vlan)#private-vlan association 100-101