
Cisco PVLAN configuration details



PVLAN stands for private VLAN. A PVLAN uses two-layer VLAN isolation: only the upper VLAN is visible globally, and the lower VLANs are isolated from each other. If each port of a switch or IP DSLAM device is assigned to its own (lower) VLAN, all ports are isolated from one another.

PVLANs are typically used on intranets to prevent communication between network devices connected to certain interfaces or groups of interfaces, while still allowing communication with the default gateway. Although each device is in a different PVLAN, they can use the same IP subnet.

PVLANs allow traffic to be limited between certain ports within the same VLAN.

PVLAN implements port isolation in one VLAN.








With the rapid development of networks, users demand stronger security for network data communication, such as preventing hacker attacks and controlling virus transmission, all of which require that network users can communicate in relative security. The traditional solution is to assign each client a VLAN and an associated IP subnet. By using VLANs, each client is isolated at Layer 2 to prevent any malicious behavior and Ethernet snooping. However, this model of assigning a single VLAN and IP subnet per customer creates enormous scalability limitations. These limitations mainly include the following aspects.


(1) VLAN limitation: the limitation of the number of VLANs inherent in the switch;

(2) Complex STP: For each VLAN, the topology of each relevant Spanning Tree needs to be managed;

(3) The shortage of IP addresses: the division of IP subnets will inevitably result in the waste of some IP addresses;

(4) Routing restrictions: Each subnet requires a corresponding default gateway configuration.


Therefore, a new VLAN mechanism has emerged: the PVLAN.



A PVLAN has two kinds of VLAN:

Primary VLAN and secondary (auxiliary) VLAN.

The secondary VLAN comes in two types:

Isolated VLAN and Community VLAN

Two port types of PVLAN:

Promiscuous Port and Host Port

The "promiscuous port" belongs to the "Primary VLAN"; the "host port" belongs to the "Secondary VLAN". Since a "Secondary VLAN" has one of two attributes, a "host port" differs depending on the attribute of its "Secondary VLAN"; that is, the "host port" inherits the attributes of the "Secondary VLAN". "Host ports" are therefore also divided into two categories: "isolated port" and "community port".

A physical port on a switch in a pVLAN is either a "promiscuous port" or an "isolated" port or a "community" port.



PVLAN usage notes:

1. A "Primary VLAN" contains at least one "Secondary VLAN", with no upper limit.

2. There can only be one "Isolated VLAN" in a "Primary VLAN", and there can be multiple "Community VLANs".

3. Any port between different "Primary VLANs" cannot communicate with each other (here "communication with each other" refers to Layer 2 connectivity).

4. An "Isolated Port" can only communicate with "promiscuous ports" and cannot communicate with any other port.

5. "Community port" can communicate with "promiscuous port" or with other physical ports in the same "Community VLAN", and cannot communicate with other ports.

6. There can only be one "Promiscuous Port" in a "Primary VLAN".

7. Before creating a PVLAN, you need to configure the switch VTP to be in transparent mode.

8. The Layer 3 VLAN interface can only be assigned to the primary VLAN.

9. You cannot configure EtherChannel in a PVLAN.
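
The usage notes above lend themselves to an audit check on a planned port layout. The following is an added example, not part of the original article or of any Cisco tooling: it models notes 1 to 5 in Python, reporting design violations and which port pairs have Layer 2 connectivity. The VLAN IDs, interface names and the `Port`, `validate`, `can_talk` and `reachable_pairs` names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: secondary VLAN id -> (type, primary VLAN id).
SECONDARY = {101: ("isolated", 100), 102: ("community", 100), 103: ("community", 100)}

@dataclass(frozen=True)
class Port:
    name: str
    primary: int
    role: str           # "promiscuous", "isolated" or "community"
    secondary: int = 0  # secondary VLAN of a host port; unused for promiscuous

PORTS = [  # constructed port table, interface names are illustrative
    Port("Gi0/1", 100, "promiscuous"),
    Port("Gi0/2", 100, "isolated", 101), Port("Gi0/3", 100, "isolated", 101),
    Port("Gi0/4", 100, "community", 102), Port("Gi0/5", 100, "community", 102),
    Port("Gi0/6", 100, "community", 103),
]

def validate(secondary, ports):
    """Return violations of notes 1 and 2, plus host ports whose type does not match their VLAN."""
    errors = []
    primaries = {p.primary for p in ports} | {prim for _, prim in secondary.values()}
    for prim in sorted(primaries):
        kinds = [kind for kind, pr in secondary.values() if pr == prim]
        if not kinds:
            errors.append(f"primary {prim}: no secondary VLAN")            # note 1
        if kinds.count("isolated") > 1:
            errors.append(f"primary {prim}: more than one isolated VLAN")  # note 2
    for p in ports:
        kind, prim = secondary.get(p.secondary, (None, None))
        if p.role != "promiscuous" and (kind != p.role or prim != p.primary):
            errors.append(f"{p.name}: host port does not match its secondary VLAN")
    return errors

def can_talk(a, b):
    """Layer 2 connectivity between two distinct ports, per notes 3 to 5."""
    if a.primary != b.primary:
        return False                       # note 3: different primary VLANs
    if "promiscuous" in (a.role, b.role):
        return True                        # notes 4 and 5: host ports reach promiscuous
    if a.role == b.role == "community":
        return a.secondary == b.secondary  # note 5: same community VLAN only
    return False                           # note 4: isolated reaches nothing else

def reachable_pairs(ports):
    """All unordered port pairs that can exchange frames at Layer 2."""
    return {(a.name, b.name) for a in ports for b in ports
            if a.name < b.name and can_talk(a, b)}
```

Calling `validate(SECONDARY, PORTS)` and `reachable_pairs(PORTS)` on the sample data shows that the two isolated ports share a VLAN and a subnet yet reach only the promiscuous port, while the community ports in VLAN 102 also reach each other.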

At present, many vendors support PVLAN technology. PVLAN has clear advantages in securing communication and preventing broadcast storms, and it helps with network optimization.


Publisher: IE LAB

Website: http://ielab.network
