
    Example: Configuring a Private VLAN Spanning Multiple Switches

    For security reasons, it is often useful to restrict the flow of broadcast and unknown unicast traffic and even to limit the communication between known hosts. The private VLAN (PVLAN) feature allows an administrator to split a broadcast domain into multiple isolated broadcast subdomains, essentially putting a VLAN inside a VLAN. A PVLAN can span multiple switches.

    This example describes how to create a PVLAN spanning multiple switches. The example creates one primary PVLAN containing multiple secondary VLANs.

    Requirements

    This example uses the following hardware and software components:

    • Three QFX3500 devices
    • Junos OS Release 12.1 or later for the QFX Series

    Before you begin configuring a PVLAN, make sure you have created and configured the necessary VLANs. See Configuring VLANs.

    Overview and Topology

    In a large office with multiple buildings and VLANs, you might need to isolate some workgroups or other endpoints for security reasons or to partition the broadcast domain. This configuration example shows how to create a PVLAN spanning multiple QFX devices, with one primary VLAN containing two community VLANs (one for HR and one for Finance), and an interswitch isolated VLAN (for the mail server, the backup server, and the CVS server). The PVLAN comprises three switches: two access switches and one distribution switch. The PVLAN is connected to a router through a promiscuous port, which is configured on the distribution switch.

    Note: The isolated ports on Switch 1 and on Switch 2 do not have Layer 2 connectivity with one another even though they are included within the same domain. See Understanding Private VLANs.

    Figure 1 shows the topology for this example—two access switches connecting to a distribution switch, which has a connection (through a promiscuous port) to the router.

    Figure 1: PVLAN Topology Spanning Multiple Switches


    Table 1, Table 2, and Table 3 list the settings for the example topology.

    Table 1: Components of Switch 1 in the Topology for Configuring a PVLAN Spanning Multiple Devices

    Property                               Settings
    -------------------------------------  ------------------------------------------
    VLAN names and tag IDs                 primary-vlan, tag 100
                                           isolation-vlan-id, tag 50
                                           finance-comm, tag 300
                                           hr-comm, tag 400
    PVLAN trunk interfaces                 ge-0/0/0.0, connects Switch 1 to Switch 3
                                           ge-0/0/5.0, connects Switch 1 to Switch 2
    Isolated Interfaces in primary VLAN    ge-0/0/15.0, mail server
                                           ge-0/0/16.0, backup server
    Interfaces in VLAN finance-comm        ge-0/0/11.0
                                           ge-0/0/12.0
    Interfaces in VLAN hr-comm             ge-0/0/13.0
                                           ge-0/0/14.0

    Table 2: Components of Switch 2 in the Topology for Configuring a PVLAN Spanning Multiple Devices

    Property                               Settings
    -------------------------------------  ------------------------------------------
    VLAN names and tag IDs                 primary-vlan, tag 100
                                           isolation-vlan-id, tag 50
                                           finance-comm, tag 300
                                           hr-comm, tag 400
    PVLAN trunk interfaces                 ge-0/0/0.0, connects Switch 2 to Switch 3
                                           ge-0/0/5.0, connects Switch 2 to Switch 1
    Isolated Interface in primary VLAN     ge-0/0/17.0, CVS server
    Interfaces in VLAN finance-comm        ge-0/0/11.0
                                           ge-0/0/12.0
    Interfaces in VLAN hr-comm             ge-0/0/13.0
                                           ge-0/0/14.0

    Table 3: Components of Switch 3 in the Topology for Configuring a PVLAN Spanning Multiple Devices

    Property                               Settings
    -------------------------------------  ------------------------------------------
    VLAN names and tag IDs                 primary-vlan, tag 100
                                           isolation-vlan-id, tag 50
                                           finance-comm, tag 300
                                           hr-comm, tag 400
    PVLAN trunk interfaces                 ge-0/0/0.0, connects Switch 3 to Switch 1
                                           ge-0/0/1.0, connects Switch 3 to Switch 2
    Promiscuous port                       ge-0/0/2, connects the PVLAN to the router

    Note: You must configure the trunk port that connects the PVLAN to another switch or router outside the PVLAN as a member of the PVLAN, which implicitly configures it as a promiscuous port.
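
    The isolation behavior described in the Overview, applied to the ports in Tables 1 through 3, is shown below as an added example (not part of the original page and not Junos code). It is a simplified model that assumes standard PVLAN forwarding semantics; the switch labels sw1 to sw3 and the function names are hypothetical.

```python
# Simplified model of PVLAN forwarding (standard PVLAN semantics, assumed here;
# not Junos code). Port roles and tag IDs are taken from Tables 1-3.
TAGS = {"primary": 100, "isolated": 50, "finance-comm": 300, "hr-comm": 400}

# (switch, interface) -> role of the port; switch labels are hypothetical.
PORTS = {
    ("sw1", "ge-0/0/11"): "finance-comm", ("sw1", "ge-0/0/12"): "finance-comm",
    ("sw1", "ge-0/0/13"): "hr-comm",      ("sw1", "ge-0/0/14"): "hr-comm",
    ("sw1", "ge-0/0/15"): "isolated",     # mail server
    ("sw1", "ge-0/0/16"): "isolated",     # backup server
    ("sw2", "ge-0/0/11"): "finance-comm", ("sw2", "ge-0/0/12"): "finance-comm",
    ("sw2", "ge-0/0/13"): "hr-comm",      ("sw2", "ge-0/0/14"): "hr-comm",
    ("sw2", "ge-0/0/17"): "isolated",     # CVS server
    ("sw3", "ge-0/0/2"): "promiscuous",   # uplink to the router
}


def trunk_tag(role):
    """802.1Q tag a frame carries on a pvlan-trunk, chosen by its ingress port role."""
    return TAGS["primary"] if role == "promiscuous" else TAGS[role]


def may_egress(tag, role):
    """Can a frame with this trunk tag be delivered out of a port with this role?"""
    if role == "promiscuous" or tag == TAGS["primary"]:
        return True               # promiscuous ports talk to every port in the PVLAN
    if tag == TAGS["isolated"]:
        return False              # isolated traffic is delivered to promiscuous ports only
    return TAGS[role] == tag      # community traffic stays inside its own community


def can_reach(src, dst):
    """True if Layer 2 frames from port src may be delivered to port dst."""
    return src != dst and may_egress(trunk_tag(PORTS[src]), PORTS[dst])


def peers(src):
    """All ports that may receive Layer 2 frames from src."""
    return sorted(p for p in PORTS if can_reach(src, p))


if __name__ == "__main__":
    for port in sorted(PORTS):
        print(port, PORTS[port], "->", peers(port))
```

    Because the decision depends only on the tag carried over the PVLAN trunk, the mail server on Switch 1 and the CVS server on Switch 2 stay separated even though both sit in the same interswitch isolated VLAN.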

    Configuring a PVLAN on Switch 1

    When configuring a PVLAN on multiple switches, these rules apply:

    • The primary VLAN must be a tagged VLAN. We recommend that you configure the primary VLAN first.
    • If you are going to configure a community VLAN ID, you must first configure the primary VLAN and the PVLAN trunk port. You must also configure the primary VLAN to be private using the pvlan statement.
    • If you are going to configure an isolation VLAN ID, you must first configure the primary VLAN and the PVLAN trunk port.

    CLI Quick Configuration

    To quickly create and configure a PVLAN spanning multiple switches, copy the following commands and paste them into the terminal window of Switch 1:

    [edit]
    set vlans finance-comm vlan-id 300
    set vlans finance-comm interface ge-0/0/11.0
    set vlans finance-comm interface ge-0/0/12.0
    set vlans finance-comm primary-vlan pvlan100
    set vlans hr-comm vlan-id 400
    set vlans hr-comm interface ge-0/0/13.0
    set vlans hr-comm interface ge-0/0/14.0
    set vlans hr-comm primary-vlan pvlan100
    set vlans pvlan100 vlan-id 100
    set vlans pvlan100 interface ge-0/0/15.0
    set vlans pvlan100 interface ge-0/0/16.0
    set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk
    set vlans pvlan100 interface ge-0/0/5.0 pvlan-trunk
    set vlans pvlan100 pvlan
    set vlans pvlan100 pvlan isolation-vlan-id 50
    set vlans pvlan100 interface ge-0/0/15.0 isolated
    set vlans pvlan100 interface ge-0/0/16.0 isolated

    Step-by-Step Procedure

    1. Set the VLAN ID for the primary VLAN:
      [edit vlans]
      user@switch# set pvlan100 vlan-id 100
    2. Set the PVLAN trunk interfaces to connect this VLAN across neighboring switches:
      [edit vlans]
      user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk
      user@switch# set pvlan100 interface ge-0/0/5.0 pvlan-trunk

    3. Set the primary VLAN to be private and have no local switching:
      [edit vlans]
      user@switch# set pvlan100 pvlan
    4. Set the VLAN ID for the finance-comm community VLAN that spans the switches:
      [edit vlans]
      user@switch# set finance-comm vlan-id 300
    5. Configure access interfaces for the finance-comm VLAN:
      [edit vlans]
      user@switch# set finance-comm interface ge-0/0/11.0
      user@switch# set finance-comm interface ge-0/0/12.0
    6. Set the primary VLAN of this secondary community VLAN, finance-comm:
      [edit vlans]
      user@switch# set finance-comm primary-vlan pvlan100
    7. Set the VLAN ID for the HR community VLAN that spans the switches:
      [edit vlans]
      user@switch# set hr-comm vlan-id 400
    8. Configure access interfaces for the hr-comm VLAN:
      [edit vlans]
      user@switch# set hr-comm interface ge-0/0/13.0
      user@switch# set hr-comm interface ge-0/0/14.0
    9. Set the primary VLAN of this secondary community VLAN, hr-comm:
      [edit vlans]
      user@switch# set hr-comm primary-vlan pvlan100
    10. Set the interswitch isolated ID to create an interswitch isolated domain that spans the switches:
      [edit vlans]
      user@switch# set pvlan100 pvlan isolation-vlan-id 50
    11. Configure the isolated interfaces in the primary VLAN:
      [edit vlans]
      user@switch# set pvlan100 interface ge-0/0/15.0 isolated
      user@switch# set pvlan100 interface ge-0/0/16.0 isolated

      Note: When you configure an isolated port, include it as a member of the primary VLAN, but do not configure it as a member of any community VLAN.

    Results

    Check the results of the configuration:

    [edit]
    user@switch# show
    vlans {
        finance-comm {
            vlan-id 300;
            interface {
                ge-0/0/11.0;
                ge-0/0/12.0;
            }
            primary-vlan pvlan100;
        }
        hr-comm {
            vlan-id 400;
            interface {
                ge-0/0/13.0;
                ge-0/0/14.0;
            }
            primary-vlan pvlan100;
        }
        pvlan100 {
            vlan-id 100;
            interface {
                ge-0/0/15.0;
                ge-0/0/16.0;
                ge-0/0/0.0 {
                    pvlan-trunk;
                }
                ge-0/0/5.0 {
                    pvlan-trunk;
                }
            }
            pvlan;
            isolation-vlan-id 50;
        }
    }
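
    A pre-commit check for the rules listed at the start of this section and for the note on isolated ports, as an added example (not part of the original page or of Junos). It parses the Switch 1 quick configuration written with the full set vlans prefix on every line; the function names and the broken variant are constructed for illustration.

```python
import re
from collections import defaultdict

# Switch 1 quick configuration from this page, every line in [edit]-level form.
SWITCH1 = """\
set vlans finance-comm vlan-id 300
set vlans finance-comm interface ge-0/0/11.0
set vlans finance-comm interface ge-0/0/12.0
set vlans finance-comm primary-vlan pvlan100
set vlans hr-comm vlan-id 400
set vlans hr-comm interface ge-0/0/13.0
set vlans hr-comm interface ge-0/0/14.0
set vlans hr-comm primary-vlan pvlan100
set vlans pvlan100 vlan-id 100
set vlans pvlan100 interface ge-0/0/15.0
set vlans pvlan100 interface ge-0/0/16.0
set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk
set vlans pvlan100 interface ge-0/0/5.0 pvlan-trunk
set vlans pvlan100 pvlan
set vlans pvlan100 pvlan isolation-vlan-id 50
set vlans pvlan100 interface ge-0/0/15.0 isolated
set vlans pvlan100 interface ge-0/0/16.0 isolated
"""

# Constructed misconfiguration: both uplinks lose pvlan-trunk and the
# mail-server port ge-0/0/15.0 is also added to the hr-comm community VLAN.
BROKEN = SWITCH1.replace(" pvlan-trunk", "") + "set vlans hr-comm interface ge-0/0/15.0\n"


def parse(text):
    """Parse 'set vlans <name> ...' lines into {vlan_name: settings}."""
    vlans = defaultdict(lambda: {"id": None, "primary": None, "pvlan": False,
                                 "ifaces": defaultdict(set)})
    for line in text.splitlines():
        m = re.match(r"set vlans (\S+) (.+)", line.strip())
        if not m:
            continue
        v, words = vlans[m.group(1)], m.group(2).split()
        if words[0] == "vlan-id":
            v["id"] = int(words[1])
        elif words[0] == "primary-vlan":
            v["primary"] = words[1]
        elif words[0] == "interface":
            v["ifaces"][words[1]].update(words[2:])  # flags: pvlan-trunk, isolated
        elif words[0] == "pvlan":
            v["pvlan"] = True                        # VLAN is marked private
    return vlans


def audit(vlans):
    """Return findings for the PVLAN rules this page states; [] means clean."""
    findings = []
    primaries = {v["primary"] for v in vlans.values() if v["primary"]}
    primaries |= {name for name, v in vlans.items() if v["pvlan"]}
    for name in sorted(primaries):
        p = vlans.get(name)
        if p is None or p["id"] is None:
            findings.append(f"{name}: primary VLAN must be a tagged VLAN")
            continue
        if not p["pvlan"]:
            findings.append(f"{name}: pvlan statement missing on primary VLAN")
        if not any("pvlan-trunk" in flags for flags in p["ifaces"].values()):
            findings.append(f"{name}: no pvlan-trunk interface configured")
        for ifname, flags in p["ifaces"].items():
            if "isolated" not in flags:
                continue
            for cname, c in vlans.items():   # isolated ports must stay out of communities
                if c["primary"] == name and ifname in c["ifaces"]:
                    findings.append(f"{ifname}: isolated port is also in community VLAN {cname}")
    return findings
```

    Running audit(parse(BROKEN)) reports the missing PVLAN trunk and the isolated port that leaked into hr-comm, while the page's own configuration produces no findings.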

    Configuring a PVLAN on Switch 2

    CLI Quick Configuration

    To quickly create and configure a private VLAN spanning multiple switches, copy the following commands and paste them into the terminal window of Switch 2:

    Note: The configuration of Switch 2 is the same as the configuration of Switch 1 except for the interface in the interswitch isolated domain. For Switch 2, the interface is ge-0/0/17.0.

    [edit]
    set vlans finance-comm vlan-id 300
    set vlans finance-comm interface ge-0/0/11.0
    set vlans finance-comm interface ge-0/0/12.0
    set vlans finance-comm primary-vlan pvlan100
    set vlans hr-comm vlan-id 400
    set vlans hr-comm interface ge-0/0/13.0
    set vlans hr-comm interface ge-0/0/14.0
    set vlans hr-comm primary-vlan pvlan100
    set vlans pvlan100 vlan-id 100
    set vlans pvlan100 interface ge-0/0/17.0
    set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk
    set vlans pvlan100 interface ge-0/0/5.0 pvlan-trunk
    set vlans pvlan100 pvlan
    set vlans pvlan100 pvlan isolation-vlan-id 50
    set vlans pvlan100 interface ge-0/0/17.0 isolated

    Step-by-Step Procedure

    To configure a PVLAN on Switch 2 that will span multiple switches:

    1. Set the VLAN ID for the finance-comm community VLAN that spans the switches:
      [edit vlans]
      user@switch# set finance-comm vlan-id 300
    2. Configure access interfaces for the finance-comm VLAN:
      [edit vlans]
      user@switch# set finance-comm interface ge-0/0/11.0
      user@switch# set finance-comm interface ge-0/0/12.0
    3. Set the primary VLAN of this secondary community VLAN, finance-comm:
      [edit vlans]
      user@switch# set finance-comm primary-vlan pvlan100
    4. Set the VLAN ID for the HR community VLAN that spans the switches:
      [edit vlans]
      user@switch# set hr-comm vlan-id 400
    5. Configure access interfaces for the hr-comm VLAN:
      [edit vlans]
      user@switch# set hr-comm interface ge-0/0/13.0
      user@switch# set hr-comm interface ge-0/0/14.0
    6. Set the primary VLAN of this secondary community VLAN, hr-comm:
      [edit vlans]
      user@switch# set hr-comm primary-vlan pvlan100
    7. Set the VLAN ID for the primary VLAN:
      [edit vlans]
      user@switch# set pvlan100 vlan-id 100
    8. Set the PVLAN trunk interfaces that will connect this VLAN across neighboring switches:
      [edit vlans]
      user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk
      user@switch# set pvlan100 interface ge-0/0/5.0 pvlan-trunk

    9. Set the primary VLAN to be private and have no local switching:
      [edit vlans]
      user@switch# set pvlan100 pvlan
    10. Set the interswitch isolated ID to create an interswitch isolated domain that spans the switches:
      [edit vlans]
      user@switch# set pvlan100 pvlan isolation-vlan-id 50

      Note: To configure an isolated port, include it as one of the members of the primary VLAN, but do not configure it as belonging to one of the community VLANs.

    11. Configure the isolated interface in the primary VLAN:
      [edit vlans]
      user@switch# set pvlan100 interface ge-0/0/17.0 isolated

    Results

    Check the results of the configuration:

    [edit]
    user@switch# show
    vlans {
        finance-comm {
            vlan-id 300;
            interface {
                ge-0/0/11.0;
                ge-0/0/12.0;
            }
            primary-vlan pvlan100;
        }
        hr-comm {
            vlan-id 400;
            interface {
                ge-0/0/13.0;
                ge-0/0/14.0;
            }
            primary-vlan pvlan100;
        }
        pvlan100 {
            vlan-id 100;
            interface {
                ge-0/0/15.0;
                ge-0/0/16.0;
                ge-0/0/0.0 {
                    pvlan-trunk;
                }
                ge-0/0/5.0 {
                    pvlan-trunk;
                }
                ge-0/0/17.0;
            }
            pvlan;
            isolation-vlan-id 50;
        }
    }

    Configuring a PVLAN on Switch 3

    CLI Quick Configuration

    To quickly configure Switch 3 to function as the distribution switch of this PVLAN, copy the following commands and paste them into the terminal window of Switch 3:

    Note: Interface ge-0/0/2.0 is a trunk port connecting the PVLAN to a router.

    [edit]
    set vlans finance-comm vlan-id 300
    set vlans finance-comm primary-vlan pvlan100
    set vlans hr-comm vlan-id 400
    set vlans hr-comm primary-vlan pvlan100
    set vlans pvlan100 vlan-id 100
    set vlans pvlan100 interface ge-0/0/0.0 pvlan-trunk
    set vlans pvlan100 interface ge-0/0/1.0 pvlan-trunk
    set vlans pvlan100 pvlan
    set vlans pvlan100 pvlan isolation-vlan-id 50

    Step-by-Step Procedure

    To configure Switch 3 to function as the distribution switch for this PVLAN, use the following procedure:

    1. Set the VLAN ID for the finance-comm community VLAN that spans the switches:
      [edit vlans]
      user@switch# set finance-comm vlan-id 300
    2. Set the primary VLAN of this secondary community VLAN, finance-comm:
      [edit vlans]
      user@switch# set finance-comm primary-vlan pvlan100
    3. Set the VLAN ID for the HR community VLAN that spans the switches:
      [edit vlans]
      user@switch# set hr-comm vlan-id 400
    4. Set the primary VLAN of this secondary community VLAN, hr-comm:
      [edit vlans]
      user@switch# set hr-comm primary-vlan pvlan100
    5. Set the VLAN ID for the primary VLAN:
      [edit vlans]
      user@switch# set pvlan100 vlan-id 100
    6. Set the PVLAN trunk interfaces that will connect this VLAN across neighboring switches:
      [edit vlans]
      user@switch# set pvlan100 interface ge-0/0/0.0 pvlan-trunk
      user@switch# set pvlan100 interface ge-0/0/1.0 pvlan-trunk

    7. Set the primary VLAN to be private and have no local switching:
      [edit vlans]
      user@switch# set pvlan100 pvlan
    8. Set the interswitch isolated ID to create an interswitch isolated domain that spans the switches:
      [edit vlans]
      user@switch# set pvlan100 pvlan isolation-vlan-id 50

      Note: To configure an isolated port, include it as one of the members of the primary VLAN, but do not configure it as belonging to one of the community VLANs.

    Results

    Check the results of the configuration:

    [edit]
    user@switch# show
    vlans {
        finance-comm {
            vlan-id 300;
            primary-vlan pvlan100;
        }
        hr-comm {
            vlan-id 400;
            primary-vlan pvlan100;
        }
        pvlan100 {
            vlan-id 100;
            interface {
                ge-0/0/0.0 {
                    pvlan-trunk;
                }
                ge-0/0/1.0 {
                    pvlan-trunk;
                }
                ge-0/0/2.0;
            }
            pvlan;
            isolation-vlan-id 50;
        }
    }

    Verification

    To confirm that the configuration is working properly, perform these tasks:

    Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 1

    Purpose

    Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 1:

    Action

    Use the show vlans extensive command:

    user@switch> show vlans extensive
    VLAN: __pvlan_pvlan100_ge-0/0/15.0__, Created at: Thu Sep 16 23:15:27 2010
    Internal index: 5, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Isolated, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/5.0*, tagged, trunk, pvlan-trunk
          ge-0/0/15.0*, untagged, access
    
    VLAN: __pvlan_pvlan100_ge-0/0/16.0__, Created at: Thu Sep 16 23:15:27 2010
    Internal index: 6, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Isolated, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/5.0*, tagged, trunk, pvlan-trunk
          ge-0/0/16.0*, untagged, access
    
    VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:15:27 2010
    802.1Q Tag: 50, Internal index: 7, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/5.0*, tagged, trunk, pvlan-trunk
    
    VLAN: default, Created at: Thu Sep 16 03:03:18 2010
    Internal index: 2, Admin State: Enabled, Origin: Static
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)
    
    VLAN: finance-comm, Created at: Thu Sep 16 23:15:27 2010
    802.1Q Tag: 300, Internal index: 8, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Community, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/5.0*, tagged, trunk, pvlan-trunk
          ge-0/0/11.0*, untagged, access
          ge-0/0/12.0*, untagged, access
    
    VLAN: hr-comm, Created at: Thu Sep 16 23:15:27 2010
    802.1Q Tag: 400, Internal index: 9, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Community, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/5.0*, tagged, trunk, pvlan-trunk
          ge-0/0/13.0*, untagged, access
          ge-0/0/14.0*, untagged, access
    
    VLAN: pvlan100, Created at: Thu Sep 16 23:15:27 2010
    802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Primary
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  6 (Active = 6)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/5.0*, tagged, trunk, pvlan-trunk
          ge-0/0/11.0*, untagged, access
          ge-0/0/12.0*, untagged, access
          ge-0/0/13.0*, untagged, access
          ge-0/0/14.0*, untagged, access
          ge-0/0/15.0*, untagged, access
          ge-0/0/16.0*, untagged, access
    Secondary VLANs: Isolated 2, Community  2, Inter-switch-isolated  1
      Isolated VLANs :
          __pvlan_pvlan100_ge-0/0/15.0__
          __pvlan_pvlan100_ge-0/0/16.0__
      Community VLANs :
          finance-comm
          hr-comm
      Inter-switch-isolated VLAN :
          __pvlan_pvlan100_isiv__

    Meaning

    The output shows that a PVLAN was created on Switch 1 and shows that it includes two isolated VLANs, two community VLANs, and an interswitch isolated VLAN. The presence of the pvlan-trunk and Inter-switch-isolated fields indicates that this PVLAN is spanning more than one switch.

    Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 2

    Purpose

    Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 2:

    Action

    Use the show vlans extensive command:

    user@switch> show vlans extensive
    VLAN: __pvlan_pvlan100_ge-0/0/17.0__, Created at: Thu Sep 16 23:19:22 2010
    Internal index: 5, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Isolated, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  1 (Active = 1)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/5.0*, tagged, trunk, pvlan-trunk
          ge-0/0/17.0*, untagged, access
    
    VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:19:22 2010
    802.1Q Tag: 50, Internal index: 6, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/5.0*, tagged, trunk, pvlan-trunk
    
    VLAN: default, Created at: Thu Sep 16 03:03:18 2010
    Internal index: 2, Admin State: Enabled, Origin: Static
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)
    
    VLAN: finance-comm, Created at: Thu Sep 16 23:19:22 2010
    802.1Q Tag: 300, Internal index: 7, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Community, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/5.0*, tagged, trunk, pvlan-trunk
          ge-0/0/11.0*, untagged, access
          ge-0/0/12.0*, untagged, access
    
    VLAN: hr-comm, Created at: Thu Sep 16 23:19:22 2010
    802.1Q Tag: 400, Internal index: 8, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Community, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  2 (Active = 2)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/5.0*, tagged, trunk, pvlan-trunk
          ge-0/0/13.0*, untagged, access
          ge-0/0/14.0*, untagged, access
    
    VLAN: pvlan100, Created at: Thu Sep 16 23:19:22 2010
    802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Primary
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  5 (Active = 5)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/5.0*, tagged, trunk, pvlan-trunk
          ge-0/0/11.0*, untagged, access
          ge-0/0/12.0*, untagged, access
          ge-0/0/13.0*, untagged, access
          ge-0/0/14.0*, untagged, access
          ge-0/0/17.0*, untagged, access
    Secondary VLANs: Isolated 1, Community  2, Inter-switch-isolated  1
      Isolated VLANs :
          __pvlan_pvlan100_ge-0/0/17.0__
      Community VLANs :
          finance-comm
          hr-comm
      Inter-switch-isolated VLAN :
          __pvlan_pvlan100_isiv__

    Meaning

    The output shows that a PVLAN was created on Switch 2 and shows that it includes one isolated VLAN, two community VLANs, and an interswitch isolated VLAN. The presence of the pvlan-trunk and Inter-switch-isolated fields indicates that this PVLAN is spanning more than one switch. When you compare this output to the output of Switch 1, you can see that both switches belong to the same PVLAN (pvlan100).

    Verifying That the Primary VLAN and Secondary VLANs Were Created on Switch 3

    Purpose

    Verify that the PVLAN configuration spanning multiple switches is working properly on Switch 3:

    Action

    Use the show vlans extensive command:

    user@switch> show vlans extensive
    VLAN: __pvlan_pvlan100_isiv__, Created at: Thu Sep 16 23:22:40 2010
    802.1Q Tag: 50, Internal index: 5, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Inter-switch-isolated, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/1.0*, tagged, trunk, pvlan-trunk
    
    VLAN: default, Created at: Thu Sep 16 03:03:18 2010
    Internal index: 2, Admin State: Enabled, Origin: Static
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 0 (Active = 0), Untagged  0 (Active = 0)
    
    VLAN: finance-comm, Created at: Thu Sep 16 23:22:40 2010
    802.1Q Tag: 300, Internal index: 6, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Community, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/1.0*, tagged, trunk, pvlan-trunk
    
    VLAN: hr-comm, Created at: Thu Sep 16 23:22:40 2010
    802.1Q Tag: 400, Internal index: 7, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Community, Primary VLAN: pvlan100
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/1.0*, tagged, trunk, pvlan-trunk
    
    VLAN: pvlan100, Created at: Thu Sep 16 23:22:40 2010
    802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
    Private VLAN Mode: Primary
    Protocol: Port Mode, Mac aging time: 300 seconds
    Number of interfaces: Tagged 2 (Active = 2), Untagged  0 (Active = 0)
          ge-0/0/0.0*, tagged, trunk, pvlan-trunk
          ge-0/0/1.0*, tagged, trunk, pvlan-trunk
    Secondary VLANs: Isolated 0, Community  2, Inter-switch-isolated  1
      Community VLANs :
          finance-comm
          hr-comm
      Inter-switch-isolated VLAN :
          __pvlan_pvlan100_isiv__

    Meaning

    The output shows that the PVLAN (pvlan100) is configured on Switch 3 and that it includes no isolated VLANs, two community VLANs, and an interswitch isolated VLAN. But Switch 3 is functioning as a distribution switch, so the output does not include access interfaces within the PVLAN. It shows only the pvlan-trunk interfaces that connect pvlan100 from Switch 3 to the other switches (Switch 1 and Switch 2) in the same PVLAN.

    Published: 2013-01-23