实验3 PrivateVlan

实验任务一:配置Primary Vlan和Secondary Vlan

  1. 建立物理连接
  2. 配置Private vlan
    [SWA]vlan 2 to 3
    [SWA-vlan10]private-vlan primary
    [SWA-vlan10]private-vlan secondary 2 3
    [SWA-vlan10]int ge 1/0/3
    [SWA-GigabitEthernet1/0/3]port private-vlan 10 promiscuous
    // promiscuous Specify the promiscuous mode in private VLAN

[SWA-GigabitEthernet1/0/1]port access vlan 2
[SWA-GigabitEthernet1/0/1]port private-vlan host
// host Specify the host mode in private VLAN

[SWA-GigabitEthernet1/0/2]port access vlan 3
[SWA-GigabitEthernet1/0/2]port private-vlan host

建立映射关系后,禁止向Primary和Secondary Vlan添加或删除端口以及删除VLAN的操作,只有在解除映射关系才能进行以上操作。

[SWA-GigabitEthernet1/0/2]display private-vlan
Primary VLAN ID: 10
Secondary VLAN ID: 2-3

VLAN ID: 10
VLAN type: Static
Private VLAN type: Primary
Route interface: Not configured
Description: VLAN 0010
Name: VLAN 0010
Tagged ports: None
Untagged ports:
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/3

VLAN ID: 2
VLAN type: Static
Private VLAN type: Secondary
Route interface: Not configured
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: None
Untagged ports:
GigabitEthernet1/0/1 GigabitEthernet1/0/3

VLAN ID: 3
VLAN type: Static
Private VLAN type: Secondary
Route interface: Not configured
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: None
Untagged ports:
GigabitEthernet1/0/2 GigabitEthernet1/0/3

  1. Secondary VLAN和Primary Vlan互通测试
    [SWB]vlan 20
    [SWB-GigabitEthernet1/0/1]port access vlan 20
    [SWB]interface Vlan-interface 20
    [SWB-Vlan-interface20]ip ad 10.0.0.3 24

//vlan接口up的条件:
1 存在该Vlan
2. 该vlan有应用在端口上

SWB ping通 PCA PCB

[SWA]display mac-address
MAC Address VLAN ID State Port/Nickname Aging
a266-ac26-0105 2 Learned GE1/0/1 Y
a266-b11e-0205 3 Learned GE1/0/2 Y
a266-cbef-0402 10 Learned GE1/0/3 Y

[SWB]display arp
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address SVLAN/VSI Interface/Link ID Aging Type
10.0.0.1 a266-ac26-0105 20 GE1/0/1 18 D
10.0.0.2 a266-b11e-0205 20 GE1/0/1 20 D

[SWB]display mac-address
MAC Address VLAN ID State Port/Nickname Aging
a266-ac26-0105 20 Learned GE1/0/1 Y
a266-b11e-0205 20 Learned GE1/0/1 Y

此时,PCA和PCB互相ping不通。

[SWB-Vlan-interface20]local-proxy-arp enable
//开启本地代理ARP功能。

PCA此时可以ping通PCB.

posted @ 2019-07-07 22:25  Akiz  阅读(475)  评论(0)    收藏  举报