This article provides a private VLAN (PVLAN) configuration example for BlackDiamond and Summit series switches.
Non-isolated VLAN
The medical research lab hosts lots of visiting clients. Each client has their own room, and the lab wants to grant them access to the internet through a local web proxy server but prevent them from accessing other visiting clients.

There is a lab in the building where many research workstations are located. Workstations within the lab require access to other lab workstations, the internet, and file servers that are connected to a switch in another building. Visiting clients should not have access to the Research VLAN devices or the file servers on the remote switch.

The PVLAN in the following figure contains the following PVLAN components:

• Network VLAN named Main, which provides internet access through the proxy web server and access to file servers on the remote switch.
• Isolated subscriber VLAN named ClientConnections, which provides internet access for visiting clients and isolation from other visiting clients, the Research VLAN devices, and the remote file servers.
• Non-isolated subscriber VLAN named Research, which provides internet access and enables communications between Research VLAN devices and the remote file servers.
1. The first configuration step is to create and configure the VLANs on the local switch:

    create vlan Main
    configure vlan Main add port 1:*
    configure vlan Main tag 100
    create vlan ClientConnections
    configure vlan ClientConnections add port 2:*
    configure vlan ClientConnections tag 200
    create vlan Research
    configure vlan Research add port 3:*
    configure vlan Research tag 300

2. The remote switch VLAN is configured as follows:

    create vlan Main
    configure vlan Main add port 1:*
    configure vlan Main tag 100

3. The next step is to create the PVLAN on the local switch and configure each of the component VLANs for the proper role:

    create private-vlan MedPrivate
    configure private-vlan "MedPrivate" add network "Main"
    configure private-vlan "MedPrivate" add subscriber "ClientConnections"
    configure private-vlan "MedPrivate" add subscriber "Research" non-isolated

4. The final step is to configure VLAN translation on the local switch so that Research VLAN workstations can connect to the file servers on the remote switch:

    configure Main add ports 1:1 private-vlan translated
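
The following Python sketch is an added example, not part of the original article or of any Extreme Networks tooling. It parses the local-switch commands from steps 1 and 3, derives each VLAN's PVLAN role, and checks the isolation policy described above. The function names (parse_roles, can_talk, audit) are hypothetical, and the model assumes a single PVLAN on the local switch; it does not cover the translated link to the remote switch.

```python
import re

# Local-switch commands from steps 1 and 3 of the article, one per line.
CONFIG = """\
create vlan Main
configure vlan Main add port 1:*
configure vlan Main tag 100
create vlan ClientConnections
configure vlan ClientConnections add port 2:*
configure vlan ClientConnections tag 200
create vlan Research
configure vlan Research add port 3:*
configure vlan Research tag 300
create private-vlan MedPrivate
configure private-vlan "MedPrivate" add network "Main"
configure private-vlan "MedPrivate" add subscriber "ClientConnections"
configure private-vlan "MedPrivate" add subscriber "Research" non-isolated
"""

ROLE_RE = re.compile(
    r'^configure private-vlan "?(?P<pvlan>[\w-]+)"? add '
    r'(?P<kind>network|subscriber) "?(?P<vlan>[\w-]+)"?(?P<flag> non-isolated)?\s*$'
)

def parse_roles(config):
    """Map each VLAN in the PVLAN to 'network', 'isolated' or 'non-isolated'."""
    roles = {}
    for line in config.splitlines():
        m = ROLE_RE.match(line.strip())
        if m and m["kind"] == "network":
            roles[m["vlan"]] = "network"
        elif m:  # subscriber VLANs are isolated unless flagged otherwise
            roles[m["vlan"]] = "non-isolated" if m["flag"] else "isolated"
    return roles

def can_talk(roles, src, dst):
    """Layer-2 reachability between a host in src and a different host in dst."""
    a, b = roles[src], roles[dst]  # KeyError: VLAN is not part of the PVLAN
    if "network" in (a, b):
        return True                # subscriber VLANs always reach the network VLAN
    if src != dst:
        return False               # different subscriber VLANs never reach each other
    return a == "non-isolated"     # same VLAN: only non-isolated peers may talk

def audit(config, must_isolate):
    """Return the VLANs that policy requires to be isolated but are not."""
    roles = parse_roles(config)
    return [v for v in must_isolate if roles.get(v) != "isolated"]
```

Running audit() against a saved configuration with the guest-facing VLAN names catches the case where a subscriber VLAN was added with the non-isolated keyword by mistake, which would let visiting clients reach each other.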