Verifying That a Private VLAN Is Working

Purpose

After creating and configuring private VLANs (PVLANs), verify that they are set up properly.

Action

  1. To determine whether you successfully created the primary and secondary VLAN configurations:
    • For a PVLAN on a single switch, use the show configuration vlans command:
      user@switch> show configuration vlans
      community1 {
          interface {
              interface a;
              interface b;
          }
          primary-vlan pvlan;
      }
      community2 {
          interface {
              interface d;
              interface e;
          }
          primary-vlan pvlan;
      }
      pvlan {
          vlan-id 1000;
          interface {
              isolated1;
              isolated2;
              trunk1;
              trunk2;
          }
          no-local-switching;
      }
    • For a PVLAN spanning multiple switches, use the show vlans extensive command:
      user@switch> show vlans extensive
      VLAN: COM1, Created at: Tue May 11 18:16:05 2010
      802.1Q Tag: 100, Internal index: 3, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Community, Primary VLAN: primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  1 (Active = 1)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
            ge-0/0/7.0*, untagged, access
      
      VLAN: __pvlan_primary_ge-0/0/0.0__, Created at: Tue May 11 18:16:05 2010
      Internal index: 5, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Isolated, Primary VLAN: primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  1 (Active = 1)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
            ge-0/0/0.0*, untagged, access
      
       
      VLAN: __pvlan_primary_ge-0/0/2.0__, Created at: Tue May 11 18:16:05 2010
      Internal index: 6, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Isolated, Primary VLAN: primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  1 (Active = 0)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
            ge-0/0/2.0, untagged, access
      
       
      VLAN: __pvlan_primary_isiv__, Created at: Tue May 11 18:16:05 2010
      802.1Q Tag: 50, Internal index: 7, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Inter-switch-isolated, Primary VLAN: primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  0 (Active = 0)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
       
      
      VLAN: community2, Created at: Tue May 11 18:16:05 2010
      802.1Q Tag: 20, Internal index: 8, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Community, Primary VLAN: primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  2 (Active = 2)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
            ge-0/0/1.0*, untagged, access
            ge-1/0/6.0*, untagged, access
      
       
      VLAN: primary, Created at: Tue May 11 18:16:05 2010
      802.1Q Tag: 10, Internal index: 2, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  5 (Active = 4)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
            ge-0/0/0.0*, untagged, access
            ge-0/0/1.0*, untagged, access
            ge-0/0/2.0, untagged, access
            ge-0/0/7.0*, untagged, access
            ge-1/0/6.0*, untagged, access
      
      Secondary VLANs: Isolated 2, Community  2, Inter-switch-isolated  1
        Isolated VLANs :
            __pvlan_primary_ge-0/0/0.0__
            __pvlan_primary_ge-0/0/2.0__
        Community VLANs :
            COM1
            community2
        Inter-switch-isolated VLAN :
            __pvlan_primary_isiv__
       
      
  2. Use the show vlans extensive command to view VLAN information and link status for a PVLAN on a single switch or for a PVLAN spanning multiple switches.
    • For a PVLAN on a single switch:
      user@switch> show vlans pvlan extensive
      VLAN: pvlan, Created at: time
      802.1Q Tag: vlan-id, Internal index: index-number, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Primary
      Protocol: Port Mode
      Number of interfaces: Tagged 2 (Active = 0), Untagged  6 (Active = 0)
            trunk1, tagged, trunk
            interface a, untagged, access
            interface b, untagged, access
            interface c, untagged, access
            interface d, untagged, access
            interface e, untagged, access
            interface f, untagged, access
            trunk2, tagged, trunk
      Secondary VLANs: Isolated 2, Community  2
        Isolated VLANs :
            __pvlan_pvlan_isolated1__
            __pvlan_pvlan_isolated2__
        Community VLANs :
            community1
            community2
    • For a PVLAN spanning multiple switches:
      user@switch> show vlans extensive
      VLAN: COM1, Created at: Tue May 11 18:16:05 2010
      802.1Q Tag: 100, Internal index: 3, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Community, Primary VLAN: primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  1 (Active = 1)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
            ge-0/0/7.0*, untagged, access
      
      VLAN: __pvlan_primary_ge-0/0/0.0__, Created at: Tue May 11 18:16:05 2010
      Internal index: 5, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Isolated, Primary VLAN: primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  1 (Active = 1)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
            ge-0/0/0.0*, untagged, access
      
       
      VLAN: __pvlan_primary_ge-0/0/2.0__, Created at: Tue May 11 18:16:05 2010
      Internal index: 6, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Isolated, Primary VLAN: primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  1 (Active = 0)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
            ge-0/0/2.0, untagged, access
      
       
      VLAN: __pvlan_primary_isiv__, Created at: Tue May 11 18:16:05 2010
      802.1Q Tag: 50, Internal index: 7, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Inter-switch-isolated, Primary VLAN: primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  0 (Active = 0)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
       
      
      VLAN: community2, Created at: Tue May 11 18:16:05 2010
      802.1Q Tag: 20, Internal index: 8, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Community, Primary VLAN: primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  2 (Active = 2)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
            ge-0/0/1.0*, untagged, access
            ge-1/0/6.0*, untagged, access
      
       
      VLAN: primary, Created at: Tue May 11 18:16:05 2010
      802.1Q Tag: 10, Internal index: 2, Admin State: Enabled, Origin: Static
      Private VLAN Mode: Primary
      Protocol: Port Mode, Mac aging time: 300 seconds
      Number of interfaces: Tagged 3 (Active = 3), Untagged  5 (Active = 4)
            ge-0/0/20.0*, tagged, trunk
            ge-0/0/22.0*, tagged, trunk, pvlan-trunk
            ge-0/0/23.0*, tagged, trunk, pvlan-trunk
            ge-0/0/0.0*, untagged, access
            ge-0/0/1.0*, untagged, access
            ge-0/0/2.0, untagged, access
            ge-0/0/7.0*, untagged, access
            ge-1/0/6.0*, untagged, access
      
      Secondary VLANs: Isolated 2, Community  2, Inter-switch-isolated  1
        Isolated VLANs :
            __pvlan_primary_ge-0/0/0.0__
            __pvlan_primary_ge-0/0/2.0__
        Community VLANs :
            COM1
            community2
        Inter-switch-isolated VLAN :
            __pvlan_primary_isiv__
       
      
  3. Use the show ethernet-switching table command to view logs for MAC learning on the VLANs:
    user@switch> show ethernet-switching table
    Ethernet-switching table: 8 entries, 1 learned
      VLAN              MAC address       Type         Age Interfaces
      default           *                 Flood          - All-members
      pvlan             *                 Flood          - All-members
      pvlan             MAC1              Replicated     - interface a
      pvlan             MAC2              Replicated     - interface c
      pvlan             MAC3              Replicated     - isolated2
      pvlan             MAC4              Learn          0 trunk1
      __pvlan_pvlan_isolated1__ *         Flood          - All-members
      __pvlan_pvlan_isolated1__ MAC4      Replicated     - trunk1
      __pvlan_pvlan_isolated2__ *         Flood          - All-members
      __pvlan_pvlan_isolated2__ MAC3      Learn          0 isolated2
      __pvlan_pvlan_isolated2__ MAC4      Replicated     - trunk1
      community1        *                 Flood          - All-members
      community1        MAC1              Learn          0 interface a
      community1        MAC4              Replicated     - trunk1
      community2        *                 Flood          - All-members
      community2        MAC2              Learn          0 interface c
      community2        MAC4              Replicated     - trunk1

Note: If you have configured a PVLAN spanning multiple switches, you can use the same command on all the switches to check the logs for MAC learning on those switches.

Meaning

In the output for a PVLAN on a single switch, you can see that the primary VLAN contains two community domains (community1 and community2), two isolated ports, and two trunk ports. The PVLAN on a single switch has only one tag (1000), which is for the primary VLAN.

The PVLAN that spans multiple switches contains multiple tags:

  • The community domain COM1 is identified with tag 100.
  • The community domain community2 is identified with tag 20.
  • The interswitch isolated domain is identified with tag 50.
  • The primary VLAN primary is identified with tag 10.

Also, for the PVLAN that spans multiple switches, the trunk interfaces are identified as pvlan-trunk.
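The check described in this topic can be automated over saved `show vlans extensive` output. The following Python is an added example, not part of the original documentation: the sample text is constructed and abridged from the multi-switch output above, `parse_vlans` and `audit` are hypothetical helper names, and it assumes the asterisk after an interface name marks an active interface, as the Active counts in the output suggest.

```python
import re

# Constructed sample, abridged from the multi-switch output on this page.
SAMPLE = """\
VLAN: COM1, Created at: Tue May 11 18:16:05 2010
802.1Q Tag: 100, Internal index: 3, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: primary
      ge-0/0/22.0*, tagged, trunk, pvlan-trunk
      ge-0/0/7.0*, untagged, access
VLAN: __pvlan_primary_ge-0/0/2.0__, Created at: Tue May 11 18:16:05 2010
Private VLAN Mode: Isolated, Primary VLAN: primary
      ge-0/0/22.0*, tagged, trunk, pvlan-trunk
      ge-0/0/2.0, untagged, access
VLAN: primary, Created at: Tue May 11 18:16:05 2010
Private VLAN Mode: Primary
      ge-0/0/22.0*, tagged, trunk, pvlan-trunk
Secondary VLANs: Isolated 1, Community  1
"""

def parse_vlans(text):
    """Parse 'show vlans extensive' output into one dict per VLAN block."""
    vlans, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"VLAN: ([^,]+),", line):
            cur = {"name": m[1], "mode": None, "primary": None, "ifs": [], "summary": {}}
            vlans.append(cur)
        elif cur is None:
            continue
        elif m := re.match(r"Private VLAN Mode: ([\w-]+)(?:, Primary VLAN: (\S+))?", line):
            cur["mode"], cur["primary"] = m[1], m[2]
        elif m := re.match(r"(\S+?)(\*?), (?:tagged|untagged), (.+)", line):
            cur["ifs"].append((m[1], m[2] == "*", m[3].split(", ")))
        elif line.startswith("Secondary VLANs:"):
            cur["summary"] = {k: int(n) for k, n in re.findall(r"([\w-]+)\s+(\d+)", line[16:])}
    return vlans

def audit(vlans):
    """List places where the output disagrees with a correctly built PVLAN."""
    out, names = [], {v["name"] for v in vlans}
    for v in vlans:
        if v["mode"] != "Primary" and v["primary"] not in names:
            out.append(f"{v['name']}: primary VLAN {v['primary']!r} not in output")
        for kind, n in v["summary"].items():
            seen = sum(s["mode"] == kind and s["primary"] == v["name"] for s in vlans)
            if seen != n:
                out.append(f"{v['name']}: summary lists {n} {kind}, found {seen}")
        # Assumption: '*' marks an active interface, matching the Active counts.
        out += [f"{v['name']}: access port {i} is not active"
                for i, up, roles in v["ifs"] if "access" in roles and not up]
    return out
```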

Published: 2014-04-23