Request Demo
Group Created with Sketch.
Search

Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

PVLAN Configuration Example 1

The following figure shows a PVLAN configuration example for a medical research lab.

Click to expand in new window
PVLAN Configuration Example 1
../Graphics/EX_vlan_0003.svg

The medical research lab hosts lots of visiting clients. Each client has their own room, and the lab wants to grant them access to the internet through a local web proxy server but prevent them from accessing other visiting clients. There is a lab in the building where many research workstations are located. Workstations within the lab require access to other lab workstations, the internet, and file servers that are connected to a switch in another building. Visiting clients should not have access to the Research VLAN devices or the file servers on the remote switch.

The PVLAN in the following figure contains the following PVLAN components:

  • Network VLAN named Main, which provides internet access through the proxy web server and access to file servers on the remote switch.

  • Isolated subscriber VLAN named ClientConnections, which provides internet access for visiting clients and isolation from other visiting clients, the Research VLAN devices, and the remote file servers.

  • Non-isolated subscriber VLAN named Research, which provides internet access and enables communications between Research VLAN devices and the remote file servers.

  1. The first configuration step is to create and configure the VLANs on the local switch: 
    create vlan Main
configure vlan Main add port 1:*
configure vlan Main tag 100
create vlan ClientConnections
configure vlan ClientConnections add port 2:*
configure vlan ClientConnections tag 200
create vlan Research
configure vlan Research add port 3:*
configure vlan Research tag 300
  2. The remote switch VLAN is configured as follows: 
    create vlan Main
configure vlan Main add port 1:*
configure vlan Main tag 100
  3. The next step is to create the PVLAN on the local switch and configure each of the component VLANs for the proper role: 
    create private-vlan MedPrivate
configure private-vlan "MedPrivate" add network "Main"
configure private-vlan "MedPrivate" add subscriber "ClientConnections"
configure private-vlan "MedPrivate" add subscriber "Research" non-isolated
  4. The final step is to configure VLAN translation on the local switch so that Research VLAN workstations can connect to the file servers on the remote switch: 
    configure Main add ports 1:1 private-vlan translated
  5. To view the completed configuration, enter the show private-vlan command as follows: 
    show private-vlan
--------------------------------------------------------------------------------------
Name            VID  Protocol Addr        Flags                Proto  Ports  Virtual
Active router
/Total
--------------------------------------------------------------------------------------
MedPrivate                                                                  VR-Default
Network VLAN:
-main          100  -------------------------------------    ANY    2 /48  VR-Default
Non-Isolated Subscriber VLAN:
-Research      300  -------------------------------------    ANY    2 /96  VR-Default
Isolated Subscriber VLAN:
-ClientConnections 200  ---------------------------------    ANY    2 /52  VR-Default
Published March 2017prev | next

Email this topicEmail this topic

Print this pagePrint this page

Corporate