Hi everybody!
I was reading about isolated VLANs in a Cisco book. This is what the Cisco book says:
"Only one isolated VLAN can be mapped to a primary VLAN, but multiple community VLANs can be mapped to a primary VLAN."
My question is: does it mean there can be a maximum of one isolated private VLAN in a VLAN? If there can be more than one, then how will the communication occur between two isolated private VLANs in a VLAN, as one isolated VLAN is mapped to the primary VLAN?
Thanks a lot and have a nice day!
Thanks for your correction.
Let's give Sarah good information.
It is the opposite of what I have understood/remembered:
instead of having all isolated ports in many single isolated secondary VLANs, you can have multiple ports all belonging to the same isolated secondary VLAN.
This allows for an implementation without wasting VLAN numbers.
Sarah: sorry for having given you wrong information. Your questions are becoming difficult to answer :)
Firstly, good luck with your exam.
Secondly, all the docs I have read suggest that you can only have one isolated VLAN per primary VLAN domain. See this 6500 configuration doc as an example -
I've just moved house so haven't set lab back up yet so can't test.
The SVI is a special case and hasn't got a physical interface.
According to my old book, the following is enough:
private-vlan association 40,50
interface vlan 200
ip address 192.168.199.1 255.255.255.0
This is taken from BCMSN second edition,
Copyright © 2004 Cisco Systems, Inc.
I used the first and second editions of this book and I've found them accurate.
I think there is at least a third edition on Cisco Press.
The current edition is the 4th:
* By Richard Froom, Balaji Sivasubramanian, Erum Frahim.
* Published by Cisco Press.
* Series: Self-Study Guide.
But the authors have changed.
Hope to help
Yes, you can map multiple different secondary VLANs of type isolated to the same primary VLAN.
I remember the examples in BCMSN second edition about this.
I did some basic testing on private VLANs and I don't remember this kind of limitation.
Private VLANs were conceived to limit connectivity within a single IP subnet:
instead of using multiple /30 subnets, you can place servers in a single subnet but make them talk only with the default gateway.
This can be useful for providers offering server hosting services: instead of wasting precious public IP addresses (one for the base subnet and one for broadcast: you use 4 addresses for a /30), it is more convenient to use PVLANs.
PVLANs as a means to avoid ARP attacks and man-in-the-middle are now less used. For this, DAI, IP source guard and DHCP snooping are preferred.
Hope to help
Only one switch port can be associated to a secondary VLAN of type isolated, but you can have multiple (different) isolated VLANs mapped to the same primary VLAN.
Hope to help
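
The rule quoted from the Cisco book in the question (one isolated VLAN per primary VLAN, several community VLANs allowed) can be checked against a switch configuration. This Python check is an added example, not part of any post in this thread; the configuration text is a constructed sample in IOS `vlan` configuration syntax and the function names are made up for the example.

```python
import re

# Constructed sample (not from the thread): primary VLAN 100 is associated with
# two isolated VLANs (101, 103); primary VLAN 200 has a single isolated VLAN.
SAMPLE_CONFIG = """\
vlan 100
 private-vlan primary
 private-vlan association 101-103
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
vlan 103
 private-vlan isolated
vlan 200
 private-vlan primary
 private-vlan association 201
vlan 201
 private-vlan isolated
"""

def expand_vlan_list(text):
    """Expand a VLAN list such as '101,103-105' into [101, 103, 104, 105]."""
    vlans = []
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.extend(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_pvlans(config):
    """Return (vlan -> pvlan type, primary vlan -> associated secondary vlans)."""
    types, assoc, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"^vlan (\d+)\s*$", line):
            current = int(m.group(1))
        elif current and (m := re.match(r"^\s+private-vlan (primary|isolated|community)\s*$", line)):
            types[current] = m.group(1)
        elif current and (m := re.match(r"^\s+private-vlan association ([\d,\-\s]+)$", line)):
            assoc.setdefault(current, []).extend(expand_vlan_list(m.group(1)))
    return types, assoc

def isolated_violations(config):
    """Map each primary VLAN with more than one isolated secondary to those VLANs."""
    types, assoc = parse_pvlans(config)
    iso = {p: sorted(v for v in set(s) if types.get(v) == "isolated") for p, s in assoc.items()}
    return {p: v for p, v in iso.items() if len(v) > 1}

if __name__ == "__main__":
    print(isolated_violations(SAMPLE_CONFIG))
```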