Tuesday, 5 November 2013

Configuring a Private VLAN Spanning Multiple EX Series Switches - Juniper

Example: Configuring a Private VLAN Spanning Multiple EX Series Switches

For security reasons, it is often useful to restrict the flow of broadcast and unknown unicast traffic and to even limit the communication between known hosts. The private VLAN (PVLAN) feature on EX Series switches allows an administrator to split a broadcast domain into multiple isolated broadcast subdomains, essentially putting a VLAN inside a VLAN. A PVLAN can span multiple switches.
This example describes how to create a PVLAN spanning multiple EX Series switches. The example creates one primary PVLAN, containing multiple secondary VLANs:
Note: Configuring a voice over IP (VoIP) VLAN on PVLAN interfaces is not supported.

Requirements

This example uses the following hardware and software components:
  • Two EX3200 switches for the access switches and one EX4200 switch for the distribution switch
  • Junos OS Release 10.4 or later for EX Series switches
Before you begin configuring a PVLAN, make sure you have created and configured the necessary VLANs. See Configuring VLANs for EX Series Switches (CLI Procedure) or Configuring VLANs for EX Series Switches (J-Web Procedure).

Overview and Topology

In a large office with multiple buildings and VLANs, you might need to isolate some workgroups or other endpoints for security reasons or to partition the broadcast domain. This configuration example shows a topology to illustrate how to create a PVLAN spanning multiple EX Series switches, with one primary VLAN containing two community VLANs (one for HR and one for Finance), and an Inter-switch Isolated VLAN (for the mail server, the backup server, and CVS server). The PVLAN is comprised of three switches, two access switches and one distribution switch. The PVLAN is connected to a router through a promiscuous port, which is configured on the distribution switch.
Note: The isolated ports on Switch 1 and on Switch 2 do not have Layer 2 connectivity with each other even though they are included within the same domain. See Understanding Private VLANs on EX Series Switches.
Figure 1 shows the topology for this example—two access switches connecting to a distribution switch, which has a connection (through a promiscuous port) to the router.
Figure 1: PVLAN Topology Spanning Multiple Switches
Image g020910.gif
Table 1Table 2, and Table 3 list the settings for the example topology.
Table 1: Components of Switch 1 in the Topology for Configuring a PVLAN Spanning Multiple EX Series Switches
PropertySettings
VLAN names and tag IDs
primary-vlan, tag 100
isolation-id, tag 50
finance-comm, tag 300
hr-comm, tag 400
PVLAN trunk interfaces
ge-0/0/0.0, Connects Switch 1 to Switch 3

ge-0/0/5.0, Connects Switch 1 to Switch 2
Interfaces in VLAN isolation
ge-0/0/15.0, Mail server
ge-0/0/16.0, Backup server
Interfaces in VLAN finance-com
ge-0/0/11.0
ge-0/0/12.0
Interfaces in VLAN hr-comm
ge-0/0/13.0
ge-0/0/14.0
Table 2 lists the settings for the example topology.
Table 2: Components of Switch 2 in the Topology for Configuring a PVLAN Spanning Multiple EX Series Switches
PropertySettings
VLAN names and tag IDs
primary-vlan, tag 100
isolation-id, tag 50
finance-comm, tag 300
hr-comm, tag 400
PVLAN trunk interfaces
ge-0/0/0.0, Connects Switch 2 to Switch 3

ge-0/0/5.0, Connects Switch 2 to Switch 1
Interfaces in VLAN isolation
ge-0/0/17.0,CVS server
Interfaces in VLAN finance-com
ge-0/0/11.0
ge-0/0/12.0
Interfaces in VLAN hr-comm
ge-0/0/13.0
ge-0/0/14.0
Table 3 lists the settings for the example topology.
Table 3: Components of Switch 3 in the Topology for Configuring a PVLAN Spanning Multiple EX Series Switches
PropertySettings
VLAN names and tag IDs
primary-vlan, tag 100
isolation-id, tag 50
finance-comm, tag 300
hr-comm, tag 400
PVLAN trunk interfaces
ge-0/0/0.0, Connects Switch 3 to Switch 1

ge-0/0/1.0, Connects Switch 3 to Switch 2
Promiscuous port
ge-0/0/2, Connects the PVLAN to the router
Note: You must configure the trunk port that connects the PVLAN to another switch or router outside the PVLAN as a member of the PVLAN, which implicitly configures it as a promiscuous port.

Configuring a PVLAN on Switch 1

CLI Quick Configuration

To quickly create and configure a PVLAN spanning multiple switches, copy the following commands and paste them into the terminal window of Switch 1:

[edit]


set vlans finance-comm vlan-id 300


set vlans finance-comm interface ge-0/0/11.0


set vlans finance-comm interface ge-0/0/12.0


set vlans finance-comm primary-vlan pvlan100


set vlans hr-comm vlan-id 400


set vlans hr-comm interface ge-0/0/13.0


set vlans hr-comm interface ge-0/0/14.0


set vlans hr-comm primary-vlan pvlan100


set vlans pvlan100 vlan-id 100


set vlans pvlan100 interface ge-0/0/15.0


set vlans pvlan100 interface ge-0/0/16.0


set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk


set vlans pvlan100 interface ge-0/0/5.0 pvlan-trunk


set vlans pvlan100 no-local-switching


set vlans pvlan100 isolation-id 50

Step-by-Step Procedure

To configure a PVLAN on Switch 1 that will span multiple switches:
  1. Set the VLAN ID for the finance-comm community VLAN that spans the switches:

    [edit vlans]
    user@switch# finance-comm vlan-id 300

    user@switch# set pvlan100 vlan–id 100
  2. Configure access interfaces for the finance-comm VLAN:

    [edit vlans]
    user@switch# set finance-comm interface ge-0/0/11.0

    user@switch# set finance-comm interface ge-0/0/12.0
  3. Set the primary VLAN of this secondary community VLAN, finance-comm :

    [edit vlans]
    user@switch# set vlans finance-comm primary-vlan pvlan100
  4. Set the VLAN ID for the HR community VLAN that spans the switches.

    [edit vlans]
    user@switch# hr-comm vlan-id 400
  5. Configure access interfaces for the hr-comm VLAN:

    [edit vlans]
    user@switch# set hr-comm interface ge-0/0/13.0


    user@switch# set hr-comm interface ge-0/0/14.0
  6. Set the primary VLAN of this secondary community VLAN, hr-comm :

    [edit vlans]
    user@switch# set vlans hr-comm primary-vlan pvlan100
  7. Set the VLAN ID for the primary VLAN:

    [edit vlans]
    user@switch# set pvlan100 vlan–id 100
  8. Set the PVLAN trunk interfaces that will connect this VLAN across neighboring switches:

    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk


    user@switch# set pvlan100 interface ge-0/0/5.0 pvlan-trunk
  9. Set the primary VLAN to have no local switching:

    [edit vlans]
    user@switch# set pvlan100 no-local-switching
  10. Set the inter-switch isolated ID to create an inter-switch isolated domain that spans the switches:

    [edit vlans]
    user@switch# set pvlan100 isolation-id 50
    Note: To configure an isolated port, include it as one of the members of the primary VLAN but do not configure it as belonging to one of the community VLANs.

Results

Check the results of the configuration:
[edit]
user@switch# showvlans {finance-comm {vlan-id 300;interface {ge-0/0/11.0;ge-0/0/12.0;}primary-vlan pvlan100;}hr-comm {vlan-id 400;interface {ge-0/0/13.0;ge-0/0/14.0;}primary-vlan pvlan100;}pvlan100 {vlan-id 100;interface {ge-0/0/15.0;ge-0/0/16.0;ge-0/0/0.0 {pvlan-trunk;}ge-0/0/5.0 {pvlan-trunk;}}no-local-switching;isolation-id 50;}}

Configuring a PVLAN on Switch 2

CLI Quick Configuration

To quickly create and configure a private VLAN spanning multiple switches, copy the following commands and paste them into the terminal window of Switch 2:
Note: The configuration of Switch 2 is the same as the configuration of Switch 1 except for the interface in the inter-switch isolated domain. For Switch 2, the interface is ge-0/0/17.0.

[edit]


set vlans finance-comm vlan-id 300


set vlans finance-comm interface ge-0/0/11.0


set vlans finance-comm interface ge-0/0/12.0


set vlans finance-comm primary-vlan pvlan100


set vlans hr-comm vlan-id 400


set vlans hr-comm interface ge-0/0/13.0


set vlans hr-comm interface ge-0/0/14.0


set vlans hr-comm primary-vlan pvlan100


set vlans pvlan100 vlan-id 100


set vlans pvlan100 interface ge-0/0/17.0


set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk


set vlans pvlan100 interface ge-0/0/5.0 pvlan-trunk


set vlans pvlan100 no-local-switching


set vlans pvlan100 isolation-id 50

Step-by-Step Procedure

To configure a PVLAN on Switch 2 that will span multiple switches:
  1. Set the VLAN ID for the finance-comm community VLAN that spans the switches:

    [edit vlans]
    user@switch# finance-comm vlan-id 300

    user@switch# set pvlan100 vlan–id 100
  2. Configure access interfaces for the finance-comm VLAN:

    [edit vlans]
    user@switch# set finance-comm interface ge-0/0/11.0

    user@switch# set finance-comm interface ge-0/0/12.0
  3. Set the primary VLAN of this secondary community VLAN, finance-comm :

    [edit vlans]
    user@switch# set vlans finance-comm primary-vlan pvlan100
  4. Set the VLAN ID for the HR community VLAN that spans the switches.

    [edit vlans]
    user@switch# hr-comm vlan-id 400
  5. Configure access interfaces for the hr-comm VLAN:

    [edit vlans]
    user@switch# set hr-comm interface ge-0/0/13.0


    user@switch# set hr-comm interface ge-0/0/14.0
  6. Set the primary VLAN of this secondary community VLAN, hr-comm :

    [edit vlans]
    user@switch# set vlans hr-comm primary-vlan pvlan100
  7. Set the VLAN ID for the primary VLAN:

    [edit vlans]
    user@switch# set pvlan100 vlan–id 100
  8. Set the PVLAN trunk interfaces that will connect this VLAN across neighboring switches:

    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk


    user@switch# set pvlan100 interface ge-0/0/5.0 pvlan-trunk
  9. Set the primary VLAN to have no local switching:

    [edit vlans]
    user@switch# set pvlan100 no-local-switching
  10. Set the inter-switch isolated ID to create an inter-switch isolated domain that spans the switches:

    [edit vlans]
    user@switch# set pvlan100 isolation-id 50
    Note: To configure an isolated port, include it as one of the members of the primary VLAN but do not configure it as belonging to one of the community VLANs.

Results

Check the results of the configuration:
[edit]
user@switch# showvlans {finance-comm {vlan-id 300;interface {ge-0/0/11.0;ge-0/0/12.0;}primary-vlan pvlan100;}hr-comm {vlan-id 400;interface {ge-0/0/13.0;ge-0/0/14.0;}primary-vlan pvlan100;}pvlan100 {vlan-id 100;interface {ge-0/0/15.0;ge-0/0/16.0;ge-0/0/0.0 {pvlan-trunk;}ge-0/0/5.0 {pvlan-trunk;}ge-0/0/17.0;}no-local-switching;isolation-id 50;}}

Configuring a PVLAN on Switch 3

CLI Quick Configuration

To quickly configure Switch 3 to function as the distribution switch of this PVLAN, copy the following commands and paste them into the terminal window of Switch 3:
Note: Interface ge-0/0/2.0 is a trunk port connecting the PVLAN to a router.

[edit]


set vlans finance-comm vlan-id 300


set vlans finance-comm primary-vlan pvlan100


set vlans hr-comm vlan-id 400


set vlans hr-comm primary-vlan pvlan100


set vlans pvlan100 vlan-id 100


set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk


set vlans pvlan100 interface ge-0/0/1.0 pvlan-trunk


set vlans pvlan100 interface ge-0/0/2.0


set vlans pvlan100 no-local-switching


set vlans pvlan100 isolation-id 50

Step-by-Step Procedure

To configure Switch 3 to function as the distribution switch for this PVLAN, use the following procedure:
  1. Set the VLAN ID for the finance-comm community VLAN that spans the switches:

    [edit vlans]
    user@switch# finance-comm vlan-id 300

    [edit vlans]
    user@switch# set pvlan100 vlan–id 100
  2. Set the primary VLAN of this secondary community VLAN, finance-comm :

    [edit vlans]
    user@switch# set vlans finance-comm primary-vlan pvlan100
  3. Set the VLAN ID for the HR community VLAN that spans the switches.

    [edit vlans]
    user@switch# hr-comm vlan-id 400
  4. Set the primary VLAN of this secondary community VLAN, hr-comm :

    [edit vlans]
    user@switch# set vlans hr-comm primary-vlan pvlan100
  5. Set the VLAN ID for the primary VLAN:

    [edit vlans]
    user@switch# set pvlan100 vlan–id 100
  6. Set the PVLAN trunk interfaces that will connect this VLAN across neighboring switches:

    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk


    user@switch# set pvlan100 interface ge-0/0/5.0 pvlan-trunk
  7. Set the promiscuous port to belong to the primary VLAN:

    [edit vlans]
    user@switch# set pvlan100 interface ge-0/0/2.0
  8. Set the primary VLAN to have no local switching:

    [edit vlans]
    user@switch# set pvlan100 no-local-switching
  9. Set the inter-switch isolated ID to create an inter-switch isolated domain that spans the switches:

    [edit vlans]
    user@switch# set pvlan100 isolation-id 50
    Note: To configure an isolated port, include it as one of the members of the primary VLAN but do not configure it as belonging to one of the community VLANs.

Results

Check the results of the configuration:
[edit]
user@switch# showvlans {finance-comm {vlan-id 300;primary-vlan pvlan100;}hr-comm {vlan-id 400;primary-vlan pvlan100;}pvlan100 {vlan-id 100;interface {ge-0/0/0.0 {pvlan-trunk;}ge-0/0/1.0 {pvlan-trunk;}ge-0/0/2.0;}no-local-switching;isolation-id 50;}}

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 1

Purpose

Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 1:

Action

Use the show vlans extensive command:

user@switch> show vlans extensive
VLAN: __pvlan_pvlan100_ge-0/0/15.0__, Created at: Thu Sep 16 23:15:27 2010
Internal index: 5, Admin State: Enabled, Origin: Static
Private VLAN Mode: Isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/15.0*, untagged, access

VLAN: __pvlan_pvlan100_ge-0/0/16.0__, Created at: Thu Sep 16 23:15:27 2010
Internal index: 6, Admin State: Enabled, Origin: Static
Private VLAN Mode: Isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/16.0*, untagged, access

VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 50, Internal index: 7, Admin State: Enabled, Origin: Static
Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk

VLAN: default, Created at: Thu Sep 16 03:03:18 2010
Internal index: 2, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)

VLAN: finance-comm, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 300, Internal index: 8, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access

VLAN: hr-comm, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 400, Internal index: 9, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access

VLAN: pvlan100, Created at: Thu Sep 16 23:15:27 2010
802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
Private VLAN Mode: Primary
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  6 (Active = 6)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access
      ge-0/0/15.0*, untagged, access
      ge-0/0/16.0*, untagged, access
Secondary VLANs: Isolated 2, Community  2, Inter-switch-isolated  1
  Isolated VLANs :
      __pvlan_pvlan100_ge-0/0/15.0__
      __pvlan_pvlan100_ge-0/0/16.0__
  Community VLANs :
      finance-comm
      hr-comm
  Inter-switch-isolated VLAN :
      __pvlan_pvlan100_isiv__

Meaning

The output shows that a PVLAN was created on Switch 1 and shows that it includes two isolated VLANs, two community VLANs, and an inter-switch isolated VLAN. The presence of the pvlan-trunk and Inter-switch-isolated fields are indicative that this PVLAN is spanning more than one switch.

Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 2

Purpose

Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 2:

Action

Use the show vlans extensive command:

user@switch> show vlans extensive
VLAN: __pvlan_pvlan100_ge-0/0/17.0__, Created at: Thu Sep 16 23:19:22 2010
Internal index: 5, Admin State: Enabled, Origin: Static
Private VLAN Mode: Isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/17.0*, untagged, access

VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 50, Internal index: 6, Admin State: Enabled, Origin: Static
Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk

VLAN: default, Created at: Thu Sep 16 03:03:18 2010
Internal index: 2, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)

VLAN: finance-comm, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 300, Internal index: 7, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access

VLAN: hr-comm, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 400, Internal index: 8, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access

VLAN: pvlan100, Created at: Thu Sep 16 23:19:22 2010
802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
Private VLAN Mode: Primary
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  5 (Active = 5)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/5.0*, tagged, trunk, pvlan-trunk
      ge-0/0/11.0*, untagged, access
      ge-0/0/12.0*, untagged, access
      ge-0/0/13.0*, untagged, access
      ge-0/0/14.0*, untagged, access
      ge-0/0/17.0*, untagged, access
Secondary VLANs: Isolated 1, Community  2, Inter-switch-isolated  1
  Isolated VLANs :
      __pvlan_pvlan100_ge-0/0/17.0__
  Community VLANs :
      finance-comm
      hr-comm
  Inter-switch-isolated VLAN :
      __pvlan_pvlan100_isiv__

Meaning

The output shows that a PVLAN was created on Switch 1 and shows that it includes two isolated VLANs, two community VLANs, and an inter-switch isolated VLAN. The presence of the pvlan-trunk and Inter-switch-isolated fields are indicative that this is PVLAN spanning more than one switch. When you compare this output to the output of Switch 1, you can see that both switches belong to the same PVLAN (pvlan100).

Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 3

Purpose

Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 3:

Action

Use the show vlans extensive command:

user@switch> show vlans extensive
VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 50, Internal index: 5, Admin State: Enabled, Origin: Static
Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk

VLAN: default, Created at: Thu Sep 16 03:03:18 2010
Internal index: 2, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)

VLAN: finance-comm, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 300, Internal index: 6, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk

VLAN: hr-comm, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 400, Internal index: 7, Admin State: Enabled, Origin: Static
Private VLAN Mode: Community, Primary VLAN: pvlan100
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk

VLAN: pvlan100, Created at: Thu Sep 16 23:22:40 2010
802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
Private VLAN Mode: Primary
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
      ge-0/0/0.0*, tagged, trunk, pvlan-trunk
      ge-0/0/1.0*, tagged, trunk, pvlan-trunk
Secondary VLANs: Isolated 0, Community  2, Inter-switch-isolated  1
  Community VLANs :
      finance-comm
      hr-comm
  Inter-switch-isolated VLAN :
      __pvlan_pvlan100_isiv__

Meaning

The output shows that the PVLAN (pvlan100) is also configured on Switch 3 and that it includes two isolated VLANs, two community VLANs, and an inter-switch isolated VLAN. But Switch 3 is functioning as a distribution switch, so the output does not include access interfaces within the PVLAN. It shows only the pvlan-trunkinterfaces that connect pvlan100 from Switch 3 to the other switches (Switch 1 and Switch 2) in the same PVLAN.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)