Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Example: Configuring a Private VLAN Spanning Multiple Switches

For security reasons, it is often useful to restrict the flow of broadcast and unknown unicast traffic and even to limit the communication between known hosts. The private VLAN (PVLAN) feature allows an administrator to split a broadcast domain into multiple isolated broadcast subdomains, essentially putting a VLAN inside a VLAN. A PVLAN can span multiple switches.

This example describes how to create a PVLAN spanning multiple switches. The example creates one primary PVLAN, containing multiple secondary VLANs:

Requirements

This example uses the following hardware and software components:

  • Three QFX3500 devices
  • Junos OS Release 12.1 or later for the QFX Series

Before you begin configuring a PVLAN, make sure you have created and configured the necessary VLANs. See Configuring VLANs.

Overview and Topology

In a large office with multiple buildings and VLANs, you might need to isolate some workgroups or other endpoints for security reasons or to partition the broadcast domain. This configuration example shows how to create a PVLAN spanning multiple QFX devices, with one primary VLAN containing two community VLANs (one for HR and one for Finance), and an interswitch isolated VLAN (for the mail server, the backup server, and the CVS server). The PVLAN comprises three switches, two access switches and one distribution switch. The PVLAN is connected to a router through a promiscuous port, which is configured on the distribution switch.

Note: The isolated ports on Switch 1 and on Switch 2 do not have Layer 2 connectivity with one another even though they are included within the same domain. See Understanding Private VLANs.

Figure 1 shows the topology for this example—two access switches connecting to a distribution switch, which has a connection (through a promiscuous port) to the router.

Figure 1: PVLAN Topology Spanning Multiple Switches

PVLAN Topology Spanning Multiple Switches

Table 1, Table 2, and Table 3 list the settings for the example topology.

Table 1: Components of Switch 1 in the Topology for Configuring a PVLAN Spanning Multiple Devices

PropertySettings

VLAN names and tag IDs

primary-vlan, tag 100

isolation-vlan-id, tag 50
finance-comm, tag 300
hr-comm, tag 400

PVLAN trunk interfaces

ge-0/0/0.0, connects Switch 1 to Switch 3


ge-0/0/5.0, connects Switch 1 to Switch 2

Isolated Interfaces in primary VLAN

ge-0/0/15.0, mail server

ge-0/0/16.0, backup server

Interfaces in VLAN finance-com

ge-0/0/11.0

ge-0/0/12.0

Interfaces in VLAN hr-comm

ge-0/0/13.0

ge-0/0/14.0

Table 2: Components of Switch 2 in the Topology for Configuring a PVLAN Spanning Multiple Devices

PropertySettings

VLAN names and tag IDs

primary-vlan, tag 100

isolation-vlan-id, tag 50
finance-comm, tag 300
hr-comm, tag 400

PVLAN trunk interfaces

ge-0/0/0.0, connects Switch 2 to Switch 3


ge-0/0/5.0, connects Switch 2 to Switch 1

Isolated Interface in primary VLAN

ge-0/0/17.0, CVS server

Interfaces in VLAN finance-com

ge-0/0/11.0

ge-0/0/12.0

Interfaces in VLAN hr-comm

ge-0/0/13.0

ge-0/0/14.0

Table 3: Components of Switch 3 in the Topology for Configuring a PVLAN Spanning Multiple Devices

PropertySettings

VLAN names and tag IDs

primary-vlan, tag 100

isolation-vlan-id, tag 50
finance-comm, tag 300
hr-comm, tag 400

PVLAN trunk interfaces

ge-0/0/0.0, connects Switch 3 to Switch 1


ge-0/0/1.0, connects Switch 3 to Switch 2

Promiscuous port

ge-0/0/2, connects the PVLAN to the router

Note: You must configure the trunk port that connects the PVLAN to another switch or router outside the PVLAN as a member of the PVLAN, which implicitly configures it as a promiscuous port.

Configuring a PVLAN on Switch 1

When configuring a PVLAN on multiple switches, these rules apply:

  • The primary VLAN must be a tagged VLAN. We recommend that you configure the primary VLAN first.
  • If you are going to configure a community VLAN ID, you must first configure the primary VLAN and the PVLAN trunk port. You must also configure the primary VLAN to be private using the pvlan statement.
  • If you are going to configure an isolation VLAN ID, you must first configure the primary VLAN and the PVLAN trunk port.

CLI Quick Configuration

To quickly create and configure a PVLAN spanning multiple switches, copy the following commands and paste them into the terminal window of Switch 1:

[edit]

set vlans finance-comm vlan-id 300

set vlans finance-comm interface ge-0/0/11.0

set vlans finance-comm interface ge-0/0/12.0

set vlans finance-comm primary-vlan pvlan100

set vlans hr-comm vlan-id 400

set vlans hr-comm interface ge-0/0/13.0

set vlans hr-comm interface ge-0/0/14.0

set vlans hr-comm primary-vlan pvlan100

set vlans pvlan100 vlan-id 100

set vlans pvlan100 interface ge-0/0/15.0

set vlans pvlan100 interface ge-0/0/16.0

set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk

set vlans pvlan100 interface ge-0/0/5.0 pvlan-trunk

set vlans pvlan100 pvlan

set vlans pvlan100 pvlan isolation-vlan-id 50

set pvlan100 interface ge-0/0/15.0 isolated

set pvlan100 interface ge-0/0/16.0 isolated

Step-by-Step Procedure

  1. Set the VLAN ID for the primary VLAN:
    [edit vlans]
    user@switch# set pvlan100 vlan-id 100
  2. Set the PVLAN trunk interfaces to connect this VLAN across neighboring switches:
    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk
    user@switch# set pvlan100 interface ge-0/0/5.0 pvlan-trunk

  3. Set the primary VLAN to be private and have no local switching:
    [edit vlans]
    user@switch# set pvlan100 pvlan
  4. Set the VLAN ID for the finance-comm community VLAN that spans the switches:
    [edit vlans]
    user@switch# set finance-comm vlan-id 300
  5. Configure access interfaces for the finance-comm VLAN:
    [edit vlans]
    user@switch# set finance-comm interface ge-0/0/11.0
    user@switch# set finance-comm interface ge-0/0/12.0
  6. Set the primary VLAN of this secondary community VLAN, finance-comm :
    [edit vlans]
    user@switch# set vlans finance-comm primary-vlan pvlan100
  7. Set the VLAN ID for the HR community VLAN that spans the switches.
    [edit vlans]
    user@switch# set hr-comm vlan-id 400
  8. Configure access interfaces for the hr-comm VLAN:
    [edit vlans]
    user@switch# set hr-comm interface ge-0/0/13.0
    user@switch# set hr-comm interface ge-0/0/14.0
  9. Set the primary VLAN of this secondary community VLAN, hr-comm:
    [edit vlans]
    user@switch# set vlans hr-comm primary-vlan pvlan100
  10. Set the interswitch isolated ID to create an interswitch isolated domain that spans the switches:
    [edit vlans]
    user@switch# set pvlan100 pvlan isolation-vlan-id 50
  11. Configure the isolated interfaces in the primary VLAN:
    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/15.0 isolated
    user@switch# set pvlan100 interface ge-0/0/16.0 isolated

    Note: When you configure an isolated port, include it as a member of the primary VLAN, but do not configure it as a member of any community VLAN.

Results

Check the results of the configuration:

[edit]
user@switch# show
vlans {finance-comm {vlan-id 300;interface {ge-0/0/11.0;ge-0/0/12.0;}primary-vlan pvlan100;}hr-comm {vlan-id 400;interface {ge-0/0/13.0;ge-0/0/14.0;}primary-vlan pvlan100;}pvlan100 {vlan-id 100;interface {ge-0/0/15.0;ge-0/0/16.0;ge-0/0/0.0 {pvlan-trunk;}ge-0/0/5.0 {pvlan-trunk;}}pvlan;isolation-vlan-id 50;}}

Configuring a PVLAN on Switch 2

CLI Quick Configuration

To quickly create and configure a private VLAN spanning multiple switches, copy the following commands and paste them into the terminal window of Switch 2:

Note: The configuration of Switch 2 is the same as the configuration of Switch 1 except for the interface in the interswitch isolated domain. For Switch 2, the interface is ge-0/0/17.0.

[edit]

set vlans finance-comm vlan-id 300

set vlans finance-comm interface ge-0/0/11.0

set vlans finance-comm interface ge-0/0/12.0

set vlans finance-comm primary-vlan pvlan100

set vlans hr-comm vlan-id 400

set vlans hr-comm interface ge-0/0/13.0

set vlans hr-comm interface ge-0/0/14.0

set vlans hr-comm primary-vlan pvlan100

set vlans pvlan100 vlan-id 100

set vlans pvlan100 interface ge-0/0/17.0

set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk

set vlans pvlan100 interface ge-0/0/5.0 pvlan-trunk

set vlans pvlan100 pvlan

set vlans pvlan100 pvlan isolation-vlan-id 50

set pvlan100 interface ge-0/0/17.0 isolated

Step-by-Step Procedure

To configure a PVLAN on Switch 2 that will span multiple switches:

  1. Set the VLAN ID for the finance-comm community VLAN that spans the switches:
    [edit vlans]
    user@switch# set finance-comm vlan-id 300
  2. Configure access interfaces for the finance-comm VLAN:
    [edit vlans]
    user@switch# set finance-comm interface ge-0/0/11.0
    user@switch# set finance-comm interface ge-0/0/12.0
  3. Set the primary VLAN of this secondary community VLAN, finance-comm:
    [edit vlans]
    user@switch# set vlans finance-comm primary-vlan pvlan100
  4. Set the VLAN ID for the HR community VLAN that spans the switches.
    [edit vlans]
    user@switch# set hr-comm vlan-id 400
  5. Configure access interfaces for the hr-comm VLAN:
    [edit vlans]
    user@switch# set hr-comm interface ge-0/0/13.0
    user@switch# set hr-comm interface ge-0/0/14.0
  6. Set the primary VLAN of this secondary community VLAN, hr-comm:
    [edit vlans]
    user@switch# set vlans hr-comm primary-vlan pvlan100
  7. Set the VLAN ID for the primary VLAN:
    [edit vlans]
    user@switch# set pvlan100 vlan-id 100
  8. Set the PVLAN trunk interfaces that will connect this VLAN across neighboring switches:
    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk
    user@switch# set pvlan100 interface ge-0/0/5.0 pvlan-trunk

  9. Set the primary VLAN to be private and have no local switching:
    [edit vlans]
    user@switch# set pvlan100 pvlan
  10. Set the interswitch isolated ID to create an interswitch isolated domain that spans the switches:
    [edit vlans]
    user@switch# set pvlan100 pvlan isolation-vlan-id 50

    Note: To configure an isolated port, include it as one of the members of the primary VLAN, but do not configure it as belonging to one of the community VLANs.

  11. Configure the isolated interface in the primary VLAN:
    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/17.0 isolated

Results

Check the results of the configuration:

[edit] user@switch# show
vlans {finance-comm {vlan-id 300;interface {ge-0/0/11.0;ge-0/0/12.0;}primary-vlan pvlan100;}hr-comm {vlan-id 400;interface {ge-0/0/13.0;ge-0/0/14.0;}primary-vlan pvlan100;}pvlan100 {vlan-id 100;interface {ge-0/0/15.0;ge-0/0/16.0;ge-0/0/0.0 {pvlan-trunk;}ge-0/0/5.0 {pvlan-trunk;}ge-0/0/17.0;}pvlan;isolation-vlan-id 50;}}

Configuring a PVLAN on Switch 3

CLI Quick Configuration

To quickly configure Switch 3 to function as the distribution switch of this PVLAN, copy the following commands and paste them into the terminal window of Switch 3:

Note: Interface ge-0/0/2.0 is a trunk port connecting the PVLAN to a router.

[edit]

set vlans finance-comm vlan-id 300

set vlans finance-comm primary-vlan pvlan100

set vlans hr-comm vlan-id 400

set vlans hr-comm primary-vlan pvlan100

set vlans pvlan100 vlan-id 100

set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk

set vlans pvlan100 interface ge-0/0/1.0 pvlan-trunk

set vlans pvlan100 pvlan

set vlans pvlan100 pvlan isolation-vlan-id 50

Step-by-Step Procedure

To configure Switch 3 to function as the distribution switch for this PVLAN, use the following procedure:

  1. Set the VLAN ID for the finance-comm community VLAN that spans the switches:
    [edit vlans]
    user@switch# finance-comm vlan-id 300
  2. Set the primary VLAN of this secondary community VLAN, finance-comm:
    [edit vlans]
    user@switch# set vlans finance-comm primary-vlan pvlan100
  3. Set the VLAN ID for the HR community VLAN that spans the switches:
    [edit vlans]
    user@switch# set hr-comm vlan-id 400
  4. Set the primary VLAN of this secondary community VLAN, hr-comm:
    [edit vlans]
    user@switch# set vlans hr-comm primary-vlan pvlan100
  5. Set the VLAN ID for the primary VLAN:
    [edit vlans]
    user@switch# set pvlan100 vlan-id 100
  6. Set the PVLAN trunk interfaces that will connect this VLAN across neighboring switches:
    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk
    user@switch# set pvlan100 interface ge-0/0/5.0 pvlan-trunk

  7. Set the primary VLAN to be private and have no local switching:
    [edit vlans]
    user@switch# set pvlan100 pvlan
  8. Set the interswitch isolated ID to create an interswitch isolated domain that spans the switches:
    [edit vlans]
    user@switch# set pvlan100 pvlan isolation-vlan-id 50

    Note: To configure an isolated port, include it as one of the members of the primary VLAN, but do not configure it as belonging to one of the community VLANs.

Results

Check the results of the configuration:

[edit]user@switch# show
vlans {finance-comm {vlan-id 300;primary-vlan pvlan100;}hr-comm {vlan-id 400;primary-vlan pvlan100;}pvlan100 {vlan-id 100;interface {ge-0/0/0.0 {pvlan-trunk;}ge-0/0/1.0 {pvlan-trunk;}ge-0/0/2.0;}pvlan;isolation-vlan-id 50;}}

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 1

Purpose

Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 1:

Action

Use the show vlans extensive command:

user@switch> show vlans extensive
VLAN: __pvlan_pvlan100_ge-0/0/15.0__, Created at: Thu Sep 16 23:15:27 2010
Internal index: 5, Admin State: Enabled, Origin: Static
Private VLAN Mode: Isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/15.0*, untagged, access

VLAN: __pvlan_pvlan100_ge-0/0/16.0__, Created at: Thu Sep 16 23:15:27 2010
Internal index: 6, Admin State: Enabled, Origin: Static
Private VLAN Mode: Isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/16.0*, untagged, access

VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 50, Internal index: 7, Admin State: Enabled, Origin: Static
Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk

VLAN: default, Created at: Thu Sep 16 03:03:18 2010
Internal index: 2, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)

VLAN: finance-comm, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 300, Internal index: 8, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access

VLAN: hr-comm, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 400, Internal index: 9, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access

VLAN: pvlan100, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
Private VLAN Mode: Primary
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  6 (Active = 6)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access
      ge-0/0/15.0*, untagged, access
      ge-0/0/16.0*, untagged, access
Secondary VLANs: Isolated 2, Community  2, Inter-switch-isolated  1
  Isolated VLANs :
      __pvlan_pvlan100_ge-0/0/15.0__
      __pvlan_pvlan100_ge-0/0/16.0__
  Community VLANs :
      finance-comm
      hr-comm
  Inter-switch-isolated VLAN :
      __pvlan_pvlan100_isiv__

Meaning

The output shows that a PVLAN was created on Switch 1 and shows that it includes two isolated VLANs, two community VLANs, and an interswitch isolated VLAN. The presence of the pvlan-trunk and Inter-switch-isolated fields indicates that this PVLAN is spanning more than one switch.

Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 2

Purpose

Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 2:

Action

Use the show vlans extensive command:

user@switch> show vlans extensive
VLAN: __pvlan_pvlan100_ge-0/0/17.0__, Created at: Thu Sep 16 23:19:22 2010
Internal index: 5, Admin State: Enabled, Origin: Static
Private VLAN Mode: Isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/17.0*, untagged, access

VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 50, Internal index: 6, Admin State: Enabled, Origin: Static
Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk

VLAN: default, Created at: Thu Sep 16 03:03:18 2010
Internal index: 2, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)

VLAN: finance-comm, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 300, Internal index: 7, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access

VLAN: hr-comm, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 400, Internal index: 8, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access

VLAN: pvlan100, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
Private VLAN Mode: Primary
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  5 (Active = 5)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access
      ge-0/0/17.0*, untagged, access
Secondary VLANs: Isolated 1, Community  2, Inter-switch-isolated  1
  Isolated VLANs :
      __pvlan_pvlan100_ge-0/0/17.0__
  Community VLANs :
      finance-comm
      hr-comm
  Inter-switch-isolated VLAN :
      __pvlan_pvlan100_isiv__

Meaning

The output shows that a PVLAN was created on Switch 2 and shows that it includes one isolated VLAN, two community VLANs, and an interswitch isolated VLAN. The presence of the pvlan-trunk and Inter-switch-isolated fields indicates that this PVLAN is spanning more than one switch. When you compare this output to the output of Switch 1, you can see that both switches belong to the same PVLAN (pvlan100).

Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 3

Purpose

Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 3:

Action

Use the show vlans extensive command:

user@switch> show vlans extensive
VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 50, Internal index: 5, Admin State: Enabled, Origin: Static
Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk

VLAN: default, Created at: Thu Sep 16 03:03:18 2010
Internal index: 2, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)

VLAN: finance-comm, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 300, Internal index: 6, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk

VLAN: hr-comm, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 400, Internal index: 7, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk

VLAN: pvlan100, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
Private VLAN Mode: Primary
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk
Secondary VLANs: Isolated 0, Community  2, Inter-switch-isolated  1
  Community VLANs :
      finance-comm
      hr-comm
  Inter-switch-isolated VLAN :
      __pvlan_pvlan100_isiv__

Meaning

The output shows that the PVLAN (pvlan100) is configured on Switch 3 and that it includes no isolated VLANs, two community VLANs, and an interswitch isolated VLAN. But Switch 3 is functioning as a distribution switch, so the output does not include access interfaces within the PVLAN. It shows only the pvlan-trunk interfaces that connect pvlan100 from Switch 3 to the other switches (Switch 1 and Switch 2) in the same PVLAN.

 

Related Documentation

 

Published: 2013-09-24

Previous Page Next Page