06-06-2012 06:20 PM - edited 03-07-2019 07:06 AM
Hi everybody.
How is everybody doing?
I could not use GNS3 to perform the following setup:
h1--------f1/1-sw--f1/2--------h2
Sw1 has only vlan2. Sw f1/2 is in vlan2
switch( config) int f1/2
switch( config-if) switchport access vlan 2
Next we create secondary vlan 3
switch( con) vlan 3
switch (congfig-vlan) private -valn secondary
Next we declare vlan 2 as primary and associate secondary vlan 3 with primary vlan 2
switch( config) vlan 2
switch( config-vlan )private-vlan primary
switch(config-vlan) private-vlan association 3.
Next we configure the port f1/1:
switch(config) int f1/1
switch(config-if) switchport private-vlan host
switch(config-if) switchport private-vlan host-association 2 3
My question is : Will h1 be able to h2 just considering the above config while keeping in mind h1 is secondary vlan 3 while h2 is vlan2 primary vlan ?
================================================
What if we replace secondary vlan 3 above by isolated vlan 3, will h1 be able top ping h2 ?
thanks and have a great week.
Solved! Go to Solution.
06-06-2012 07:47 PM
Hi Sarah,
What if we replace secondary vlan 3 above by isolated vlan 3, will h1 be able top ping h2 ?
If you pur each port where each host in connected in isolated mode, than the hosts will not be able to communicated with each other. The ports in isolated mode can communicate with ports in promiscuous mode but not with each other.
HTH
06-07-2012 10:09 AM
Hi Sarah,
Yes, since the router interface is a promiscuos mode, h1 can communicate with the router. This is actually the way it should be designed, if not hosts will not be able to communicate with the router.
HTH
06-06-2012 07:47 PM
Hi Sarah,
What if we replace secondary vlan 3 above by isolated vlan 3, will h1 be able top ping h2 ?
If you pur each port where each host in connected in isolated mode, than the hosts will not be able to communicated with each other. The ports in isolated mode can communicate with ports in promiscuous mode but not with each other.
HTH
06-07-2012 09:38 AM
Thanks Reza
Can regular port i.e port not belonging to any secondary vlan communicate with promiscuous port ? Let me illustrate that:
h1------f1/1SW---f1/2--------Router
Sw(config) int f1/1
sw( config-if) iswitchport access vlan 2
Sw f1/2 port is in promiscuos mode
The primary vlan is vlan 2
Will h1 be able to communicate with Router? ( Please keep in mind, h1 is just connected to regular vlan2 not to any secondary vlan)
thanks
06-07-2012 10:09 AM
Hi Sarah,
Yes, since the router interface is a promiscuos mode, h1 can communicate with the router. This is actually the way it should be designed, if not hosts will not be able to communicate with the router.
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide