SW1:
config t
vtp mode transparent
vtp domain ccie
vtp password cciepass
int f0/19 /*connect to SW2's f0/19*/
switchport trunk encapsulation dot1q
switchport mode trunk
exit
vlan 12
private-vlan community
vlan 34
private-vlan isolated
vlan 300
private-vlan primary
private-vlan association 12,34
exit
int f0/1 /*connect to PC1*/
switchport mode private-vlan host
switchport private-vlan host-association 300 12
int f0/2 /*connect to PC2*/
switchport mode private-vlan host
switchport private-vlan host-association 300 12
int f0/5 /*connect to SERVER*/
switchport mode private-vlan promiscuous
switchport private-vlan mapping 300 12,34
end
SW2
config t
vtp mode transparent
vtp domain ccie
vtp password cciepass
int f0/19 /*connect to SW1*/
switchport trunk encapsulation dot1q
switchport mode trunk
exit
vlan 12
private-vlan community
vlan 34
private-vlan isolated
vlan 300
private-vlan primary
private-vlan association 12,34
exit
int f0/4 /*connect to PC4*/
switchport mode private-vlan host
switchport private-vlan host-association 300 12
int f0/3 /*connect to PC3*/
switchport mode private-vlan host
switchport private-vlan host-association 300 34
end
PC1
int f0/0
ip address 5.5.12.1 255.255.255.0
no shut
PC2
int f0/0
ip address 5.5.12.2 255.255.255.0
no shut
PC3
int f0/1
ip address 5.5.34.3 255.255.255.0
no shut
PC4
int f0/1
ip address 5.5.34.4 255.255.255.0
no shut
SERVER
int f0/0
ip address 5.5.12.5 255.255.255.0
ip address 5.5.34.5 255.255.255.0 secondary
結果result:
PC1, PC2, PC4因爲同在community所以可以互相Ping通,也能Ping通server。
PC3只能ping通server。
PC1,PC2,PC4 they can use ping command to community with each other, and so the server.
PC3 only can ping through the server.
總結conclusion:
一個private-vlan系統裏面只能存在一個isolated vlan,但能存在很多community vlan。
兩個SWITCH設置成同一個private-vlan系統前,一定要有用trunk連接,並且vtp domain和password都要相同
A private-vlan system was only can config an isolated vlan, but can config many community vlan.
Before two switch connected to be one system, it must use trunk link, and the vtp domain and password must be same.