Filter
Top Products
DES-7200 Configuration Guide Chapter 8 Private VLAN Configuration
8-17
3) On the layer-3 device (Switch A), configure the gateway address of PVLAN
(configure SVI of VLAN2 as 192.168.1.1/24) and configure the layer-3 port
mapping of Primary VLAN (VLAN 2) and Secondary VLAN (VLAN 10, 20
and 30). All company users can access Internet via this gateway address.
8.4.2.4 Configuration Steps
Step 1: Create Primary VLAN and Secondary VLAN on the device.
! Configure Primary VLAN 2, Community VLAN 10, Community VLAN 20 and
Isolated VLAN 30 on Switch A.
SwitchA#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SwitchA(config)#vlan 2
SwitchA(config-vlan)#private-vlan primary
SwitchA(config-vlan)#exit
SwitchA(config)#vlan 10
SwitchA(config-vlan)#private-vlan community
SwitchA(config-vlan)#exit
SwitchA(config)#vlan 20
SwitchA(config-vlan)#private-vlan community
SwitchA(config-vlan)#exit
SwitchA(config)#vlan 30
SwitchA(config-vlan)#private-vlan isolated
SwitchA(config-vlan)#exit
Step 2: Associate Secondary VLAN and Primary VLAN on the device.
! Associate Community VLAN 10, Community VLAN 20, Isolated VLAN 30 and
Primary VLAN 2 on Switch A.
SwitchA(config)#vlan 2
SwitchA(config-vlan)#private-vlan association 10,20,30
SwitchA(config-vlan)#exit
Step 3: Associate the user access ports of respective companies to the
corresponding Secondary VLANs (as shown in the above figure).
! On Switch A, associate ports Gi 0/1 and Gi 0/2 to Community VLAN 10,
associate ports Gi 0/3 and Gi 0/4 to community VLAN 20, and associate ports
Gi 0/5 and Gi 0/6 to Isolated VLAN 30.
SwitchA(config)#interface range gigabitEthernet 0/1-2
SwitchA(config-if-range)#switchport mode private-vlan host
SwitchA(config-if-range)#switchport private-vlan host-association 2 10
SwitchA(config-if-range)#exit
SwitchA(config)#interface range gigabitEthernet 0/3-4
SwitchA(config-if-range)#switchport mode private-vlan host
SwitchA(config-if-range)#switchport private-vlan host-association 2 20