PVLAN Configuration Example 1

PVLAN Configuration Example 1 shows a PVLAN configuration example for a medical research lab.

The medical research lab hosts lots of visiting clients. Each client has their own room, and the lab wants to grant them access to the internet through a local web proxy server but prevent them from accessing other visiting clients. There is a lab in the building where many research workstations are located. Workstations within the lab require access to other lab workstations, the internet, and file servers that are connected to a switch in another building. Visiting clients should not have access to the Research VLAN (Virtual LAN) devices or the file servers on the remote switch.

The PVLAN in PVLAN Configuration Example 1 contains the following PVLAN components:

Network VLAN named Main, which provides internet access through the proxy web server and access to file servers on the remote switch.
Isolated subscriber VLAN named ClientConnections, which provides internet access for visiting clients and isolation from other visiting clients, the Research VLAN devices, and the remote file servers.
Non-isolated subscriber VLAN named Research, which provides internet access and enables communications between Research VLAN devices and the remote file servers.

The first configuration step is to create and configure the VLANs on the local switch:

create vlan Main
configure vlan Main add port 1:*
configure vlan Main tag 100
create vlan ClientConnections
configure vlan ClientConnections add port 2:*
configure vlan ClientConnections tag 200
create vlan Research
configure vlan Research add port 3:*
configure vlan Research tag 300

The remote switch VLAN is configured as follows:

create vlan Main
configure vlan Main add port 1:*
configure vlan Main tag 100

The next step is to create the PVLAN on the local switch and configure each of the component VLANs for the proper role:

create private-vlan MedPrivate
configure private-vlan "MedPrivate" add network "Main"
configure private-vlan "MedPrivate" add subscriber "ClientConnections"
configure private-vlan "MedPrivate" add subscriber "Research" non-isolated

The final step is to configure VLAN translation on the local switch so that Research VLAN workstations can connect to the file servers on the remote switch:
```
configure Main add ports 1:1 private-vlan translated
```

To view the completed configuration, enter the show private-vlan command as follows:

show private-vlan
--------------------------------------------------------------------------------------
Name            VID  Protocol Addr        Flags                Proto  Ports  Virtual
Active router
/Total
--------------------------------------------------------------------------------------
MedPrivate                                                                  VR-Default
Network VLAN:
-main          100  -------------------------------------    ANY    2 /48  VR-Default
Non-Isolated Subscriber VLAN:
-Research      300  -------------------------------------    ANY    2 /96  VR-Default
Isolated Subscriber VLAN:
-ClientConnections 200  ---------------------------------    ANY    2 /52  VR-Default

Published March 2020prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback