Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2004
Views
4
Helpful
3
Replies

PVLAN & VTP

Go to solution
fabio.marino
Level 1
Level 1

‎11-29-2010 08:52 AM - edited ‎03-06-2019 02:15 PM

Hello i'm Fabio Marino and i'm studying to prepare the 642-813 CCNP swicth exam.

My question involving interaction between private vlan and vtp.

My topology is reported below:

Lab.jpg

In brief:

---> PC0, PC1, PC3 are in the VLAN 100

---> PC2, PC4,PC5 in the VLAN 150.

--->Requests:

1)  PC1 cannot communicate with PC3

2) PC3 cannot communicate with PC3

3) PC1, PC3 can communicate with PC0

Solution Plan:

STEP1 - Configuring Trunk : All interfacess will carry normal VLAN and PVLAN, so i will use private vlan trunks

STEP1 - Configuring VLAN : I will create VLANs 100, 150 on the switch S3 (VTP Server) with remanings switch set on Client Mode.

STEP2 - Configuring PVLAN: I want to implement the private VLANs in order to satisfy requests 1,2,3. I will put all switches in transparent mode and then i will configure an isolated vlan for PC1 and PC3 and a primary vlan for PC0. I will configure pvlans in  all switches in order to maintain the security.

Questions and doubt:

1)If i configure all switches  in transparent mode in order to create PVLAN, how can i manage normal vlan? For example if i would like to rename a normal VLAN i need to configure all single switches? I mean can i have PVLAN e VTP at the same time? (i know that VTP v3 support PVLAN, but for VTPv1 and v2?)

2)I have doubt on the task "Configuring trunk": i have to use private vlan trunks or "traditional trunks" (i mean trunk as if i have normal vlan)?

Thanks, Fabio

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to fabio.marino

‎11-29-2010 01:24 PM

Hi Fabio,

Alright. In this case, if PC1 and PC3 are supposed to be isolated from each other and no other requirements are given, the task could be solved by creating a primary PVLAN and associating it with a single secondary isolated PVLAN. Both PCs shall be then placed into this isolated secondary PVLAN. They will be prevented from talking to each other but if the server (or whatever that is) connected to a PVLAN promisc port, they will be allowed to communicate with it.

may be in the future you can answer to some other questions!!!

Me or somebody else here. You are always welcome here on there forums. There are many outstanding networking experts here - I am sure you will always get a good response.

Best regards,

Peter

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎11-29-2010 09:22 AM

Hi Fabio,

I believe there is a typo in your task assignment. You are stating that "PC3 cannot communicate with PC3". What is the correct statement please? This detail may somewhat change the assignment solution.

STEP1 - Configuring Trunk : All interfacess will carry normal VLAN and PVLAN, so i will use private vlan trunks

No, you do not need private VLAN trunks. PVLAN trunks are special kinds of trunks which are necessary only in special scenarios. For more information, have a look at this thread: https://supportforums.cisco.com/message/3160548#3160548

Your solution would be to use normal trunks as usual, even if you are using PVLANs.

1)If i configure all switches  in transparent mode in order to create 
PVLAN, how can i manage normal vlan? For example if i would like to 
rename a normal VLAN i need to configure all single switches? I mean can
 i have PVLAN e VTP at the same time? (i know that VTP v3 support PVLAN,
 but for VTPv1 and v2?)

If you configure all switches to VTP Transparent mode then all changes to VLAN settings must be done manually. It does not matter whether you are modifying a normal VLAN or a private VLAN. It's as simple as that. VTPv1 and VTPv2 do not understand what a private VLAN is and cannot distribute information about the private VLANs, their types and mutual association (primary/secondary). Therefore, if you want to use PVLANs, you have to use the Transparent mode, and when you do that, you have to maintain your entire VLAN configuration manually.

VTPv3, as you have correctly pointed out, is capable of carrying information about PVLANs so it is strongly recommended to use that if possible. It has also another enhancements making it, say, more foolproof 

2)I have doubt on the task "Configuring trunk": i have to use private
 vlan trunks or "traditional trunks" (i mean trunk as if i have normal 
vlan)?

Use traditional trunks, and have a look at the thread I have referenced for more information about what the private VLAN trunks are good for.

Best regards,

Peter

Go to solution
fabio.marino
Level 1
Level 1
In response to Peter Paluch

‎11-29-2010 12:50 PM

Hi Peter,

yes a made a mistake, request 1 and 2 were:

1) PC1 cannot communicate with PC3

2) PC3 cannot communicate with PC1

Your response satisfied all my doubt.

I cannot implement this topolgy in real lab (i have not access to real lab), and also in GNS3 ore packet Tracer was not able to try it.

However, thanks for your help, may be in the future you can answer to some other questions!!!

Thanks,

  regardsFabio

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to fabio.marino

‎11-29-2010 01:24 PM

Hi Fabio,

Alright. In this case, if PC1 and PC3 are supposed to be isolated from each other and no other requirements are given, the task could be solved by creating a primary PVLAN and associating it with a single secondary isolated PVLAN. Both PCs shall be then placed into this isolated secondary PVLAN. They will be prevented from talking to each other but if the server (or whatever that is) connected to a PVLAN promisc port, they will be allowed to communicate with it.

may be in the future you can answer to some other questions!!!

Me or somebody else here. You are always welcome here on there forums. There are many outstanding networking experts here - I am sure you will always get a good response.

Best regards,

Peter

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card