1、私有VLAN解析
PVLAN分为Primary VLAN和Secondary VLAN,其中Secondary VLAN进一步分为隔离VLAN和团体VLAN,隔离VLAN和团体VLAN之间不能互访,但他们都能与Primary VLAN互访,隔离VLAN内部不能互访,团体VLAN内部可以互访。
端口角色
混杂端口:Primary VLAN端口
Host端口:隔离端口和团体端口
2、实验拓扑
3、基础配置
IOU1配置
no ip routing
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
IOU2配置
no ip routing
interface Ethernet0/0
ip address 192.168.1.2 255.255.255.0
IOU3配置
no ip routing
interface Ethernet0/0
ip address 192.168.1.3 255.255.255.0
IOU4配置
no ip routing
interface Ethernet0/0
ip address 192.168.1.4 255.255.255.0
IOU5配置
no ip routing
interface Ethernet0/0
ip address 192.168.1.5 255.255.255.0
4、PVLAN配置
配置透明模式(PVLAN必须配置在透明模式下)
vtp mode transparent
定义vlan
vlan 20
private-vlan primary
vlan 501
private-vlan community
vlan 502
private-vlan isolated
关联vlan
vlan 20
private-vlan association 501,502
将端口划进相应VLAN
int e1/0
switchport mode private-vlan promiscuous
switchport private-vlan mapping 20 501,502
VLAN20为Primary VLAN,VLAN501、502为可以访问的Secondary VLAN
int range e0/0-1
switchport mode private-vlan host
switchport private-vlan host-association 20 501
int range e0/2-3
switchport mode private-vlan host
switchport private-vlan host-association 20 502
此时如果想让IOU2、IOU3、IOU4、IOU5都可以网关IOU6,需要做如下配置
ip routing
int vlan 20
ip address 192.168.1.20 255.255.255.0
private-vlan mapping 501,502
