The following figure shows a PVLAN configuration example for a motel.
The motel example in the following figure has guest rooms, a conference room, and their web proxy server on the first floor, and guest rooms on the second floor. The motel has three Summit switches. There is one on the first floor in a closet, one on the first floor in the conference room, and one on the second floor.
A VLAN called Main that contains the web proxy server.
A VLAN called ConfRoom that contains the ports for the conference room connections.
A VLAN called ClientConnections that contains client PC connections for the guest rooms.
Provide internet access for the ConfRoom and ClientConnections VLANs through the web proxy server.
Prevent communications between the ConfRoom and ClientConnections VLANs.
Enable communications between clients on the ClientConnections VLAN only within the conference room.
Enable communications between devices on the ConfRoom VLAN.
Prevent communications between the PCs in the ClientConnections VLAN that are not in the conference room.
The Summit switches in the first floor closet and on the second floor contain the Main VLAN with a tag of 100. This VLAN is connected via a tagged port between the first and second floor switches.
The Summit in the conference room does not contain the Main VLAN and cannot be a PVLAN member.
All of the switches have the ClientConnections VLAN, and it uses VLAN tag 200.
All of the switches have the ConfRoom VLAN, and it uses VLAN tag 300.
The Conference Room Summit connects to the rest of the network through a tagged connection to the Summit in the first floor closet.
Note
The following examples contain comments that follow the CLI comment character (#). All text that follows this character is ignored by the switch and can be omitted from the switch configuration.The following commands configure the Summit in the first floor closet:
# Create and configure the VLANs. create vlan Main configure vlan Main add port 1 configure vlan Main tag 100 configure vlan Main add port 2 tagged create vlan ClientConnections configure vlan ClientConnections tag 200 configure vlan ClientConnections add port 5-19 configure vlan ClientConnections add port 20 tagged create vlan ConfRoom configure vlan ConfRoom tag 300 configure vlan ConfRoom add port 21-30 configure vlan ConfRoom add port 20 tagged
# Create and configure the PVLAN named Motel. create private-vlan Motel configure private-vlan Motel add network Main configure private-vlan Motel add subscriber ClientConnections # isolated subscriber VLAN configure private-vlan "Motel" add subscriber "ConfRoom" non-isolated loopback-port 30 configure private-vlan Motel add subscriber ConfRoom non-isolated # If you omit the loopback-port command, the above command produces the following error message: # Cannot add subscriber because another subscriber vlan is already present on the same port, assign a loopback port when adding the subscriber vlan to the private vlan
# show vlan "ConfRoom" VLAN Interface with name ConfRoom created by user Admin State: Enabled Tagging: 802.1Q Tag 300 Virtual router: VR-Default IPv6: None STPD: None Protocol: Match all unfiltered protocols Loopback: Disabled NetLogin: Disabled QosProfile: None configured Egress Rate Limit Designated Port: None configured Private-VLAN Name: Motel VLAN Type in Private-VLAN: Non-Isolated Subscriber Ports: 13. (Number of active ports=1) Untag: 21, 22, 23, 24, 25, 26, 27, 28, 29 Tag: 1s, 2s, 20, *30L Flags: (*) Active, (!) Disabled, (g) Load Sharing port (b) Port blocked on the vlan, (m) Mac-Based port (a) Egress traffic allowed for NetLogin (u) Egress traffic unallowed for NetLogin (t) Translate VLAN tag for Private-VLAN (s) Private-VLAN System Port, (L) Loopback port (x) VMAN Tag Translated port (G) Multi-switch LAG Group port # Note that the loopback port is flagged with an "L" and listed as a tagged port, and the network VLAN ports are flagged with an "s" and listed as tagged ports.
The following commands configure the Summit on the second floor:
# create and configure the VLANs create vlan Main configure vlan Main tag 100 configure vlan Main add port 2 tagged create vlan ClientConnections configure vlan ClientConnections tag 200 configure vlan ClientConnections add port 5-20 create vlan ConfRoom configure vlan ConfRoom tag 300 # Create and configure the PVLAN named Motel. create private-vlan Motel configure private-vlan Motel add network Main configure private-vlan Motel add subscriber ClientConnections # isolated subscriber VLAN configure private-vlan Motel add subscriber ConfRoom non-isolated
The following commands configure the Summit in the conference room:
# create and configure the VLANs create vlan ClientConnections configure vlan ClientConnections tag 200 configure vlan ClientConnections add port 1-19 configure vlan ClientConnections add port 20 tag create vlan ConfRoom configure vlan ConfRoom tag 300 configure vlan ConfRoom add port 21-30 configure vlan ConfRoom add port 20 tag # The VLANs operate as extensions of the VLANs on the Summit in the first floor closet. There is no PVLAN configuration on this switch.