PVLAN question

Unanswered Question
Dec 4th, 2007
User Badges:
  • Bronze, 100 points or more

Hi.

I have three servers which communicate to each other using broadcast messages. 2 of these servers are on switch A and 1 server is on server B. All the servers are currently in default VLAN 1. Both the switches are connected to each other by a trunk port. Idea is to segregate the broadcast domain of VLAN 1 so that broadcasts from these servers do not reach the other workstations/servers in the same VLAN.Only these 3 servers should send/receive broadcast traffic to each other. Can i acheive the same using PVLANS. If yes, can someone please let me know how to configure the same.


regards

Zubair

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Martin Schoenbacher Wed, 12/05/2007 - 01:18
User Badges:

when you want to seperate the devices in 2 vlans you will need a layer 3 device to connect the IP traffic between the two vlans ... which switch do you use? only layer 2 capable switches and a router? layer 3 switches? ... please give us more information so that we can help you.

nambi_gct Wed, 12/05/2007 - 03:05
User Badges:
  • Bronze, 100 points or more

Hi Zubair,


First of all, VLAN 1 can NOT be configured as PVLAN.

If you just want to sepetrate the 3 servers in a broadcast domain, but you allow communications between the 3 servers, you really dont need a pvlan.You can as well create another VLAN and put all the servers in that VLAN.[I assume that there are just 3 servers in that vlan and nothing more]


In case if you want to seperate the servers in to more than one broadcast domains with in one vlan you can consider PVLAN and it resolves your requirement.


Hope this helps.


Thanks

Nambi.

zubairjalal Wed, 12/05/2007 - 04:08
User Badges:
  • Bronze, 100 points or more

Hi.



In case if you want to seperate the servers in to more than one broadcast domains with in one vlan you can consider PVLAN and it resolves your requirement. .....



zubair: How will the configuration be in that case.


nambi_gct Wed, 12/05/2007 - 05:06
User Badges:
  • Bronze, 100 points or more

Hi Zubair,


Here is an exmaple config.


Here VLAN 90 is primary.900 is isolated and 901 is the community

vlan.promiscuous ports are Gi1/2 and SVI90.

For your req you need to put the servers in the community vlan.


Switch#vlan database

Switch(vlan)#vtp transparent

Switch(vlan)#exit

Switch#conf t

Switch(config)#vlan 90

Switch(config-vlan)#private-vlan primary

Switch(config-vlan)#vlan 900

Switch(config-vlan)#private-vlan isolated

Switch(config-vlan)#vlan 901

Switch(config-vlan)#private-vlan community

Switch(config-vlan)#vlan 90

Switch(config-vlan)#private-vlan association 900,901

Switch(config-vlan)#interface range fastethernet 3/1 - 2

Switch(config-if)#switchport

Switch(config-if)#switchport mode private-vlan host

Switch(config-if)#switchport mode private-vlan host-association 90 900

Switch(config-if)#no shut

Switch(config-if)#interface range fastethernet 3/46 , 3/48

Switch(config-if)#switchport

Switch(config-if)#switchport mode private-vlan host

Switch(config-if)#switchport mode private-vlan host-association 90 901

Switch(config-if)#no shut

Switch(config-if)#interface gigabitethernet 1/2

Switch(config-if)#switchport

Switch(config-if)#switchport mode private-vlan promiscuous

Switch(config-if)#switchport mode private-vlan mapping 90 900,901

Switch(config-if)#no shut

Switch(config-vif)#interface vlan 90

Switch(config-if)#ip address x.x.x.x 255.255.255.0

Switch(config-if)#private-vlan mapping 90 900,901

Switch(config-if)#no shut

Switch(config-if)#end

Switch #


Hope this helps.


Regards,

Nambi

Actions

This Discussion