PVLAN Configuration Example 2
PVLAN Configuration Example 2 shows a PVLAN configuration example for a motel.
PVLAN Configuration Example 2

This motel has guest rooms, a conference room, and their web proxy server on the first floor, and guest rooms on the second floor. The motel has three ExtremeSwitching switches. There is one on the first floor in a closet, one on the first floor in the conference room, and one on the second floor.
The PVLAN in PVLAN Configuration Example 2 contains the
following PVLAN components:
- A VLAN called Main that contains the web proxy server.
- A VLAN called ConfRoom that contains the ports for the conference room connections.
- A VLAN called ClientConnections that contains client PC connections for the guest rooms.
The goals for the motel
network are as follows:
- Provide internet access for the ConfRoom and ClientConnections VLANs through the web proxy server.
- Prevent communications between the ConfRoom and ClientConnections VLANs.
- Enable communications between clients on the ClientConnections VLAN only within the conference room.
- Enable communications between devices on the ConfRoom VLAN.
- Prevent communications between the PCs in the ClientConnections VLAN that are not in the conference room.
Notice the following in this example:
- The ExtremeSwitching switches in the first floor closet and on the second floor contain the Main VLAN with a tag of 100. This VLAN is connected via a tagged port between the first and second floor switches.
- The switch in the conference room does not contain the Main VLAN and cannot be a PVLAN member.
- All of the switches have the ClientConnections VLAN, and it uses VLAN tag 200.
- All of the switches have the ConfRoom VLAN, and it uses VLAN tag 300.
- The Conference Room switch connects to the rest of the network through a tagged connection to the switch in the first floor closet.
- Because the switch in the
first floor closet is a PVLAN member and uses the same port to support two
subscriber VLANs, a loopback port is required in all subscriber VLANs,
except the first configured subscriber VLAN (this applies to all
switches).
Note
The following examples contain comments that follow the CLI comment character (#). All text that follows this character is ignored by the switch and can be omitted from the switch configuration.
The following commands configure the switch in the first floor closet:
# Create and configure the VLANs. create vlan Main configure vlan Main add port 1 configure vlan Main tag 100 configure vlan Main add port 2 tagged create vlan ClientConnections configure vlan ClientConnections tag 200 configure vlan ClientConnections add port 5-19 configure vlan ClientConnections add port 20 tagged create vlan ConfRoom configure vlan ConfRoom tag 300 configure vlan ConfRoom add port 21-30 configure vlan ConfRoom add port 20 tagged
# Create and configure the PVLAN named Motel. create private-vlan Motel configure private-vlan Motel add network Main configure private-vlan Motel add subscriber ClientConnections # isolated subscriber VLAN configure private-vlan "Motel" add subscriber "ConfRoom" non-isolated loopback-port 30 configure private-vlan Motel add subscriber ConfRoom non-isolated # If you omit the loopback-port command, the above command produces the following error message: # Cannot add subscriber because another subscriber vlan is already present on the same port, assign a loopback port when adding the subscriber vlan to the private vlan
# show vlan "ConfRoom" VLAN Interface with name ConfRoom created by user Admin State: Enabled Tagging: 802.1Q Tag 300 Virtual router: VR-Default IPv6: None STPD: None Protocol: Match all unfiltered protocols Loopback: Disabled NetLogin: Disabled QosProfile: None configured Egress Rate Limit Designated Port: None configured Private-VLAN Name: Motel VLAN Type in Private-VLAN: Non-Isolated Subscriber Ports: 13. (Number of active ports=1) Untag: 21, 22, 23, 24, 25, 26, 27, 28, 29 Tag: 1s, 2s, 20, *30L Flags: (*) Active, (!) Disabled, (g) Load Sharing port (b) Port blocked on the vlan, (m) Mac-Based port (a) Egress traffic allowed for NetLogin (u) Egress traffic unallowed for NetLogin (t) Translate VLAN tag for Private-VLAN (s) Private-VLAN System Port, (L) Loopback port (x) VMAN Tag Translated port (F) Dynamically added by Fabric Attach (G) Multi-switch LAG Group port (H) Dynamically added by MVRP (I) Dynamically added by IDM (U) Dynamically added uplink port (V) Dynamically added by VM Tracking # Note that the loopback port is flagged with an "L" and listed as a tagged port, and the network VLAN ports are flagged with an "s" and listed as tagged ports.
The following commands configure the switch on the second floor:
# create and configure the VLANs create vlan Main configure vlan Main tag 100 configure vlan Main add port 2 tagged create vlan ClientConnections configure vlan ClientConnections tag 200 configure vlan ClientConnections add port 5-20 create vlan ConfRoom configure vlan ConfRoom tag 300 # Create and configure the PVLAN named Motel. create private-vlan Motel configure private-vlan Motel add network Main configure private-vlan Motel add subscriber ClientConnections # isolated subscriber VLAN configure private-vlan Motel add subscriber ConfRoom non-isolated
The following commands configure the switch in the conference room:
# create and configure the VLANs create vlan ClientConnections configure vlan ClientConnections tag 200 configure vlan ClientConnections add port 1-19 configure vlan ClientConnections add port 20 tag create vlan ConfRoom configure vlan ConfRoom tag 300 configure vlan ConfRoom add port 21-30 configure vlan ConfRoom add port 20 tag # The VLANs operate as extensions of the VLANs on the Summit in the first floor closet. There is no PVLAN configuration on this switch.