Private Virtual Local Area Network (PVLAN) on Cisco SG 300

KaMaLoRa · ‎02-08-2018

Greetings,

I have three Cisco Switch SG300-28 28-Port Gigabit Managed Switch and one Cisco Router 1841. I want to implement PVLAN on all switches for security purposes. I configured VLAN on all switches then set a trunk port for Router-on-Stick, so it can be able to communicate with the other VLANs using InterVLAN Routing. I also set protected port wherein from VLAN 1 (ports 1 to 6) which is available to other ports (from 7 to 24) but VLAN 2 (ports 7 to 24) are not available to other ports (from 1 to 6) and so on. I want to set PVLAN but I don't know how to implement it (this is only my first time to configure it). Main concern is that where I can put the VLAN 1? Is it in community VLAN or Isolated VLAN or am I going to set it as a Primary VLAN? Because in every switch, VLAN 1 is configured and in up state. Hopefully, someone will help me up. Thank you guys in advance and God Bless.

GoncaloContente · ‎02-09-2018

Hi Kamalora,

To implement Pvlan we need to know the purpose of each PvLan port types, they are:

Promiscuous - This port is able to communicate with Community ports and Isolated Ports, This port is used as a gateway port. In your scenario you would configure the promiscuous port on the port that connect to your cisco router, so that every host on your switch is able to exit the network.

Community - This port is able to communicate with the promiscuous port and with other community ports.

Isolated - This port is only able to communicate with the promiscuous port.

They way you implement the port types are according to your needs

Here some reading for you to understand better this technology:

https://learningnetwork.cisco.com/docs/DOC-16110

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960cx_3650cx/software/release/15-2_3_e/configuration/guide/b_1523e_consolidated_2960cx_3560cx_cg/b_1523e_consolidated_2960cx_3560cx_cg_chapter_01010001.pdf

Hope this helps

Gonçalo Reis