Example: Configuring a Private VLAN Spanning Multiple EX Series Switches

For security reasons, it is often useful to restrict the flow of broadcast and unknown unicast traffic and to even limit the communication between known hosts. The private VLAN (PVLAN) feature on EX Series switches allows an administrator to split a broadcast domain into multiple isolated broadcast subdomains, essentially putting a VLAN inside a VLAN. A PVLAN can span multiple switches.

This example describes how to create a PVLAN spanning multiple EX Series switches. The example creates one primary PVLAN containing multiple secondary VLANs.

Note: Configuring a voice over IP (VoIP) VLAN on PVLAN interfaces is not supported.

Requirements

This example uses the following hardware and software components:

  • Three EX Series switches
  • Junos OS Release 10.4 or later for EX Series switches

Before you begin configuring a PVLAN, make sure you have created and configured the necessary VLANs. See Configuring VLANs for EX Series Switches (CLI Procedure).

Overview and Topology

In a large office with multiple buildings and VLANs, you might need to isolate some workgroups or other endpoints for security reasons or to partition the broadcast domain. This configuration example shows how to create a PVLAN spanning multiple EX Series switches, with one primary VLAN containing two community VLANs (one for HR and one for Finance), and an Interswitch isolated VLAN (for the mail server, the backup server, and the CVS server). The PVLAN comprises three switches, two access switches and one distribution switch. The PVLAN is connected to a router through a promiscuous port, which is configured on the distribution switch.

Note: The isolated ports on Switch 1 and on Switch 2 do not have Layer 2 connectivity with each other even though they are included within the same domain. See Understanding Private VLANs on EX Series Switches.

Figure 1 shows the topology for this example—two access switches connecting to a distribution switch, which has a connection (through a promiscuous port) to the router.

Figure 1: PVLAN Topology Spanning Multiple Switches


Table 1, Table 2, and Table 3 list the settings for the example topology.

Table 1: Components of Switch 1 in the Topology for Configuring a PVLAN Spanning Multiple EX Series Switches

Property                          Settings

VLAN names and tag IDs            primary-vlan, tag 100
                                  isolation-id, tag 50
                                  finance-comm, tag 300
                                  hr-comm, tag 400

PVLAN trunk interfaces            ge-0/0/0.0, Connects Switch 1 to Switch 3
                                  ge-0/0/5.0, Connects Switch 1 to Switch 2

Interfaces in VLAN isolation      ge-0/0/15.0, Mail server
                                  ge-0/0/16.0, Backup server

Interfaces in VLAN finance-comm   ge-0/0/11.0
                                  ge-0/0/12.0

Interfaces in VLAN hr-comm        ge-0/0/13.0
                                  ge-0/0/14.0

Table 2: Components of Switch 2 in the Topology for Configuring a PVLAN Spanning Multiple EX Series Switches

Property                          Settings

VLAN names and tag IDs            primary-vlan, tag 100
                                  isolation-id, tag 50
                                  finance-comm, tag 300
                                  hr-comm, tag 400

PVLAN trunk interfaces            ge-0/0/0.0, Connects Switch 2 to Switch 3
                                  ge-0/0/5.0, Connects Switch 2 to Switch 1

Interfaces in VLAN isolation      ge-0/0/17.0, CVS server

Interfaces in VLAN finance-comm   ge-0/0/11.0
                                  ge-0/0/12.0

Interfaces in VLAN hr-comm        ge-0/0/13.0
                                  ge-0/0/14.0

Table 3: Components of Switch 3 in the Topology for Configuring a PVLAN Spanning Multiple EX Series Switches

Property                          Settings

VLAN names and tag IDs            primary-vlan, tag 100
                                  isolation-id, tag 50
                                  finance-comm, tag 300
                                  hr-comm, tag 400

PVLAN trunk interfaces            ge-0/0/0.0, Connects Switch 3 to Switch 1
                                  ge-0/0/1.0, Connects Switch 3 to Switch 2

Promiscuous port                  ge-0/0/2, Connects the PVLAN to the router

Note: You must configure the trunk port that connects the PVLAN to another switch or router outside the PVLAN as a member of the PVLAN, which implicitly configures it as a promiscuous port.

Configuring a PVLAN on Switch 1

CLI Quick Configuration

When configuring a PVLAN on multiple switches, these rules apply:

  • The primary VLAN must be a tagged VLAN. We recommend that you configure the primary VLAN first.
  • Configuring a voice over IP (VoIP) VLAN on PVLAN interfaces is not supported.
  • If you are going to configure a community VLAN ID, you must first configure the primary VLAN and the PVLAN trunk port.
  • If you are going to configure an isolation VLAN ID, you must first configure the primary VLAN and the PVLAN trunk port.
  • Secondary VLANs and the PVLAN trunk port must be committed on a single commit if MVRP is configured on the PVLAN trunk port.

To quickly create and configure a PVLAN spanning multiple switches, copy the following commands and paste them into the terminal window of Switch 1:

[edit]
set vlans finance-comm vlan-id 300
set vlans finance-comm interface ge-0/0/11.0
set vlans finance-comm interface ge-0/0/12.0
set vlans finance-comm primary-vlan pvlan100
set vlans hr-comm vlan-id 400
set vlans hr-comm interface ge-0/0/13.0
set vlans hr-comm interface ge-0/0/14.0
set vlans hr-comm primary-vlan pvlan100
set vlans pvlan100 vlan-id 100
set vlans pvlan100 interface ge-0/0/15.0
set vlans pvlan100 interface ge-0/0/16.0
set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk
set vlans pvlan100 interface ge-0/0/5.0 pvlan-trunk
set vlans pvlan100 no-local-switching
set vlans pvlan100 isolation-id 50

Step-by-Step Procedure

Complete the configuration steps below in the order shown, and complete all steps before committing the configuration in a single commit. This is the easiest way to avoid error messages triggered by violating any of these three rules:

  • If you are going to configure a community VLAN ID, you must first configure the primary VLAN and the PVLAN trunk port.
  • If you are going to configure an isolation VLAN ID, you must first configure the primary VLAN and the PVLAN trunk port.
  • Secondary VLANs and a PVLAN trunk must be committed on a single commit.

To configure a PVLAN on Switch 1 that will span multiple switches:

  1. Set the VLAN ID for the primary VLAN:
    [edit vlans]
    user@switch# set pvlan100 vlan-id 100
  2. Set the PVLAN trunk interfaces that will connect this VLAN across neighboring switches:
    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk
    user@switch# set pvlan100 interface ge-0/0/5.0 pvlan-trunk
  3. Set the primary VLAN to have no local switching:
    [edit vlans]
    user@switch# set pvlan100 no-local-switching
  4. Set the VLAN ID for the finance-comm community VLAN that spans the switches:
    [edit vlans]
    user@switch# set finance-comm vlan-id 300
    user@switch# set pvlan100 vlan-id 100
  5. Configure access interfaces for the finance-comm VLAN:
    [edit vlans]
    user@switch# set finance-comm interface ge-0/0/11.0
    user@switch# set finance-comm interface ge-0/0/12.0
  6. Set the primary VLAN of this secondary community VLAN, finance-comm:
    [edit vlans]
    user@switch# set finance-comm primary-vlan pvlan100
  7. Set the VLAN ID for the HR community VLAN that spans the switches:
    [edit vlans]
    user@switch# set hr-comm vlan-id 400
  8. Configure access interfaces for the hr-comm VLAN:
    [edit vlans]
    user@switch# set hr-comm interface ge-0/0/13.0
    user@switch# set hr-comm interface ge-0/0/14.0
  9. Set the primary VLAN of this secondary community VLAN, hr-comm:
    [edit vlans]
    user@switch# set hr-comm primary-vlan pvlan100
  10. Set the inter-switch isolated ID to create an inter-switch isolated domain that spans the switches:
    [edit vlans]
    user@switch# set pvlan100 isolation-id 50

    Note: To configure an isolated port, include it as one of the members of the primary VLAN but do not configure it as belonging to one of the community VLANs.

Results

Check the results of the configuration:

[edit]
user@switch# show
vlans {
    finance-comm {
        vlan-id 300;
        interface {
            ge-0/0/11.0;
            ge-0/0/12.0;
        }
        primary-vlan pvlan100;
    }
    hr-comm {
        vlan-id 400;
        interface {
            ge-0/0/13.0;
            ge-0/0/14.0;
        }
        primary-vlan pvlan100;
    }
    pvlan100 {
        vlan-id 100;
        interface {
            ge-0/0/15.0;
            ge-0/0/16.0;
            ge-0/0/0.0 {
                pvlan-trunk;
            }
            ge-0/0/5.0 {
                pvlan-trunk;
            }
        }
        no-local-switching;
        isolation-id 50;
    }
}

Configuring a PVLAN on Switch 2

CLI Quick Configuration

To quickly create and configure a private VLAN spanning multiple switches, copy the following commands and paste them into the terminal window of Switch 2:

Note: The configuration of Switch 2 is the same as the configuration of Switch 1 except for the interface in the inter-switch isolated domain. For Switch 2, the interface is ge-0/0/17.0.

[edit]
set vlans finance-comm vlan-id 300
set vlans finance-comm interface ge-0/0/11.0
set vlans finance-comm interface ge-0/0/12.0
set vlans finance-comm primary-vlan pvlan100
set vlans hr-comm vlan-id 400
set vlans hr-comm interface ge-0/0/13.0
set vlans hr-comm interface ge-0/0/14.0
set vlans hr-comm primary-vlan pvlan100
set vlans pvlan100 vlan-id 100
set vlans pvlan100 interface ge-0/0/17.0
set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk
set vlans pvlan100 interface ge-0/0/5.0 pvlan-trunk
set vlans pvlan100 no-local-switching
set vlans pvlan100 isolation-id 50

Step-by-Step Procedure

To configure a PVLAN on Switch 2 that will span multiple switches:

  1. Set the VLAN ID for the finance-comm community VLAN that spans the switches:
    [edit vlans]
    user@switch# set finance-comm vlan-id 300
    user@switch# set pvlan100 vlan-id 100
  2. Configure access interfaces for the finance-comm VLAN:
    [edit vlans]
    user@switch# set finance-comm interface ge-0/0/11.0
    user@switch# set finance-comm interface ge-0/0/12.0
  3. Set the primary VLAN of this secondary community VLAN, finance-comm:
    [edit vlans]
    user@switch# set finance-comm primary-vlan pvlan100
  4. Set the VLAN ID for the HR community VLAN that spans the switches:
    [edit vlans]
    user@switch# set hr-comm vlan-id 400
  5. Configure access interfaces for the hr-comm VLAN:
    [edit vlans]
    user@switch# set hr-comm interface ge-0/0/13.0
    user@switch# set hr-comm interface ge-0/0/14.0
  6. Set the primary VLAN of this secondary community VLAN, hr-comm:
    [edit vlans]
    user@switch# set hr-comm primary-vlan pvlan100
  7. Set the VLAN ID for the primary VLAN:
    [edit vlans]
    user@switch# set pvlan100 vlan-id 100
  8. Set the PVLAN trunk interfaces that will connect this VLAN across neighboring switches:
    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk
    user@switch# set pvlan100 interface ge-0/0/5.0 pvlan-trunk
  9. Set the primary VLAN to have no local switching:
    [edit vlans]
    user@switch# set pvlan100 no-local-switching
  10. Set the inter-switch isolated ID to create an inter-switch isolated domain that spans the switches:
    [edit vlans]
    user@switch# set pvlan100 isolation-id 50

    Note: To configure an isolated port, include it as one of the members of the primary VLAN but do not configure it as belonging to one of the community VLANs.

Results

Check the results of the configuration:

[edit]
user@switch# show
vlans {
    finance-comm {
        vlan-id 300;
        interface {
            ge-0/0/11.0;
            ge-0/0/12.0;
        }
        primary-vlan pvlan100;
    }
    hr-comm {
        vlan-id 400;
        interface {
            ge-0/0/13.0;
            ge-0/0/14.0;
        }
        primary-vlan pvlan100;
    }
    pvlan100 {
        vlan-id 100;
        interface {
            ge-0/0/15.0;
            ge-0/0/16.0;
            ge-0/0/0.0 {
                pvlan-trunk;
            }
            ge-0/0/5.0 {
                pvlan-trunk;
            }
            ge-0/0/17.0;
        }
        no-local-switching;
        isolation-id 50;
    }
}

Configuring a PVLAN on Switch 3

CLI Quick Configuration

To quickly configure Switch 3 to function as the distribution switch of this PVLAN, copy the following commands and paste them into the terminal window of Switch 3:

Note: Interface ge-0/0/2.0 is a trunk port connecting the PVLAN to a router.

[edit]
set vlans finance-comm vlan-id 300
set vlans finance-comm primary-vlan pvlan100
set vlans hr-comm vlan-id 400
set vlans hr-comm primary-vlan pvlan100
set vlans pvlan100 vlan-id 100
set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk
set vlans pvlan100 interface ge-0/0/1.0 pvlan-trunk
set vlans pvlan100 no-local-switching
set vlans pvlan100 isolation-id 50

Step-by-Step Procedure

To configure Switch 3 to function as the distribution switch for this PVLAN, use the following procedure:

  1. Set the VLAN ID for the finance-comm community VLAN that spans the switches:
    [edit vlans]
    user@switch# set finance-comm vlan-id 300
    user@switch# set pvlan100 vlan-id 100
  2. Set the primary VLAN of this secondary community VLAN, finance-comm:
    [edit vlans]
    user@switch# set finance-comm primary-vlan pvlan100
  3. Set the VLAN ID for the HR community VLAN that spans the switches:
    [edit vlans]
    user@switch# set hr-comm vlan-id 400
  4. Set the primary VLAN of this secondary community VLAN, hr-comm:
    [edit vlans]
    user@switch# set hr-comm primary-vlan pvlan100
  5. Set the VLAN ID for the primary VLAN:
    [edit vlans]
    user@switch# set pvlan100 vlan-id 100
  6. Set the PVLAN trunk interfaces that will connect this VLAN across neighboring switches:
    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk
    user@switch# set pvlan100 interface ge-0/0/1.0 pvlan-trunk
  7. Set the primary VLAN to have no local switching:
    [edit vlans]
    user@switch# set pvlan100 no-local-switching
  8. Set the inter-switch isolated ID to create an inter-switch isolated domain that spans the switches:
    [edit vlans]
    user@switch# set pvlan100 isolation-id 50

    Note: To configure an isolated port, include it as one of the members of the primary VLAN but do not configure it as belonging to one of the community VLANs.

Results

Check the results of the configuration:

[edit]
user@switch# show
vlans {
    finance-comm {
        vlan-id 300;
        primary-vlan pvlan100;
    }
    hr-comm {
        vlan-id 400;
        primary-vlan pvlan100;
    }
    pvlan100 {
        vlan-id 100;
        interface {
            ge-0/0/0.0 {
                pvlan-trunk;
            }
            ge-0/0/1.0 {
                pvlan-trunk;
            }
            ge-0/0/2.0;
        }
        no-local-switching;
        isolation-id 50;
    }
}
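
An added example, not part of the original Juniper page: a Python pre-commit check that reads the Switch 1 quick-configuration lines, classifies each port, flags violations of the PVLAN rules listed above, and compares tags between two switches. The function names and the trunk_mode_ports parameter are hypothetical; port mode is configured under the interfaces hierarchy, which this page does not show, so a non-trunk member of the primary VLAN is reported as isolated unless the caller names it as a trunk-mode (promiscuous) port.

```python
import re

# Switch 1 quick configuration, copied from the page.
SWITCH1 = """\
set vlans finance-comm vlan-id 300
set vlans finance-comm interface ge-0/0/11.0
set vlans finance-comm interface ge-0/0/12.0
set vlans finance-comm primary-vlan pvlan100
set vlans hr-comm vlan-id 400
set vlans hr-comm interface ge-0/0/13.0
set vlans hr-comm interface ge-0/0/14.0
set vlans hr-comm primary-vlan pvlan100
set vlans pvlan100 vlan-id 100
set vlans pvlan100 interface ge-0/0/15.0
set vlans pvlan100 interface ge-0/0/16.0
set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk
set vlans pvlan100 interface ge-0/0/5.0 pvlan-trunk
set vlans pvlan100 no-local-switching
set vlans pvlan100 isolation-id 50
"""

def parse(text):
    """Read 'set vlans ...' lines into {vlan: {statement: value, 'ports': {port: is_pvlan_trunk}}}."""
    vlans = {}
    for line in text.splitlines():
        m = re.match(r"\s*set vlans (\S+) (\S+)(?: (\S+))?(?: (\S+))?\s*$", line)
        if m:
            name, key, val, extra = m.groups()
            vlan = vlans.setdefault(name, {"ports": {}})
            if key == "interface":
                vlan["ports"][val] = extra == "pvlan-trunk"
            else:
                vlan[key] = val or True  # bare statements such as no-local-switching
    return vlans

def primary_names(vlans):
    return {v["primary-vlan"] for v in vlans.values() if "primary-vlan" in v}

def roles(vlans, trunk_mode_ports=()):
    """Classify ports; trunk_mode_ports (assumed input) marks promiscuous members of the primary VLAN."""
    out = {}
    for name, v in vlans.items():
        if "primary-vlan" in v:
            out.update({p: "community:" + name for p in v["ports"]})
    for name in primary_names(vlans) & vlans.keys():
        for p, trunk in vlans[name]["ports"].items():
            plain = "promiscuous" if p in trunk_mode_ports else "isolated"
            out.setdefault(p, "pvlan-trunk" if trunk else plain)
    return out

def lint(vlans):
    """Return findings for the PVLAN rules listed on the page."""
    findings = [f"{c}: primary-vlan {v['primary-vlan']} is not defined" for c, v in vlans.items()
                if "primary-vlan" in v and v["primary-vlan"] not in vlans]
    for name in sorted(primary_names(vlans) & vlans.keys()):
        p = vlans[name]
        trunk = any(p["ports"].values())
        if "vlan-id" not in p:
            findings.append(f"{name}: primary VLAN must be tagged (no vlan-id)")
        if "no-local-switching" not in p:
            findings.append(f"{name}: no-local-switching is not set")
        if trunk and "isolation-id" not in p and not all(p["ports"].values()):
            findings.append(f"{name}: isolated ports cross a pvlan-trunk but no isolation-id is set")
        if "isolation-id" in p and not trunk:
            findings.append(f"{name}: isolation-id is set but there is no pvlan-trunk port")
    return findings

def tag_mismatches(a, b):
    """List (vlan, statement, value_a, value_b) where two switches disagree on a shared VLAN."""
    return [(n, k, a[n].get(k), b[n].get(k)) for n in sorted(a.keys() & b.keys())
            for k in ("vlan-id", "isolation-id") if a[n].get(k) != b[n].get(k)]

if __name__ == "__main__":
    print(roles(parse(SWITCH1)), lint(parse(SWITCH1)) or "no findings", sep="\n")
```

Run tag_mismatches over each pair of switches before committing: a differing isolation-id or community tag on one switch breaks the inter-switch domain the trunks are meant to carry.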

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 1

Purpose

Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 1:

Action

Use the show vlans extensive command:

user@switch> show vlans extensive
VLAN: __pvlan_pvlan100_ge-0/0/15.0__, Created at: Thu Sep 16 23:15:27 2010
Internal index: 5, Admin State: Enabled, Origin: Static
Private VLAN Mode: Isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/15.0*, untagged, access

VLAN: __pvlan_pvlan100_ge-0/0/16.0__, Created at: Thu Sep 16 23:15:27 2010
Internal index: 6, Admin State: Enabled, Origin: Static
Private VLAN Mode: Isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/16.0*, untagged, access

VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 50, Internal index: 7, Admin State: Enabled, Origin: Static
Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk

VLAN: default, Created at: Thu Sep 16 03:03:18 2010
Internal index: 2, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)

VLAN: finance-comm, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 300, Internal index: 8, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access

VLAN: hr-comm, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 400, Internal index: 9, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access

VLAN: pvlan100, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
Private VLAN Mode: Primary
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  6 (Active = 6)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access
      ge-0/0/15.0*, untagged, access
      ge-0/0/16.0*, untagged, access
Secondary VLANs: Isolated 2, Community  2, Inter-switch-isolated  1
  Isolated VLANs :
      __pvlan_pvlan100_ge-0/0/15.0__
      __pvlan_pvlan100_ge-0/0/16.0__
  Community VLANs :
      finance-comm
      hr-comm
  Inter-switch-isolated VLAN :
      __pvlan_pvlan100_isiv__

Meaning

The output shows that a PVLAN was created on Switch 1 and shows that it includes two isolated VLANs, two community VLANs, and an interswitch isolated VLAN. The presence of the pvlan-trunk and Inter-switch-isolated fields indicates that this PVLAN is spanning more than one switch.

Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 2

Purpose

Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 2:

Action

Use the show vlans extensive command:

user@switch> show vlans extensive
VLAN: __pvlan_pvlan100_ge-0/0/17.0__, Created at: Thu Sep 16 23:19:22 2010
Internal index: 5, Admin State: Enabled, Origin: Static
Private VLAN Mode: Isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/17.0*, untagged, access

VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 50, Internal index: 6, Admin State: Enabled, Origin: Static
Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk

VLAN: default, Created at: Thu Sep 16 03:03:18 2010
Internal index: 2, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)

VLAN: finance-comm, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 300, Internal index: 7, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access

VLAN: hr-comm, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 400, Internal index: 8, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access

VLAN: pvlan100, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
Private VLAN Mode: Primary
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  5 (Active = 5)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access
      ge-0/0/17.0*, untagged, access
Secondary VLANs: Isolated 1, Community  2, Inter-switch-isolated  1
  Isolated VLANs :
      __pvlan_pvlan100_ge-0/0/17.0__
  Community VLANs :
      finance-comm
      hr-comm
  Inter-switch-isolated VLAN :
      __pvlan_pvlan100_isiv__

Meaning

The output shows that a PVLAN was created on Switch 1 and shows that it includes two isolated VLANs, two community VLANs, and an interswitch isolated VLAN. The presence of the pvlan-trunk and Inter-switch-isolated fields indicates that this is a PVLAN spanning more than one switch. When you compare this output to the output of Switch 1, you can see that both switches belong to the same PVLAN (pvlan100).

Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 3

Purpose

Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 3:

Action

Use the show vlans extensive command:

user@switch> show vlans extensive
VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 50, Internal index: 5, Admin State: Enabled, Origin: Static
Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk

VLAN: default, Created at: Thu Sep 16 03:03:18 2010
Internal index: 2, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)

VLAN: finance-comm, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 300, Internal index: 6, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk

VLAN: hr-comm, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 400, Internal index: 7, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk

VLAN: pvlan100, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
Private VLAN Mode: Primary
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk
Secondary VLANs: Isolated 0, Community  2, Inter-switch-isolated  1
  Community VLANs :
      finance-comm
      hr-comm
  Inter-switch-isolated VLAN :
      __pvlan_pvlan100_isiv__

Meaning

The output shows that the PVLAN (pvlan100) is configured on Switch 3 and that it includes two isolated VLANs, two community VLANs, and an interswitch isolated VLAN. But Switch 3 is functioning as a distribution switch, so the output does not include access interfaces within the PVLAN. It shows only the pvlan-trunk interfaces that connect pvlan100 from Switch 3 to the other switches (Switch 1 and Switch 2) in the same PVLAN.

Published: 2014-04-23