Reset Search



How to configure private vlan

« Go Back


TitleHow to configure private vlan
This article provides private vlan Configuration example

  • Exos All
  • BlackDiamond and Summit series switches. 
  • Private Vlan
  • Network Vlan
  • Subscriber Vlan
  • Non isolated Vlan

The medical research lab hosts lots of visiting clients. Each client has their own room, and the lab wants
to grant them access to the internet through a local web proxy server but prevent them from accessing
other visiting clients. There is a lab in the building where many research workstations are located.
Workstations within the lab require access to other lab workstations, the internet, and file servers that
are connected to a switch in another building. Visiting clients should not have access to the Research
VLAN devices or the file servers on the remote switch.
The PVLAN in the following figure contains the following PVLAN components:
• Network VLAN named Main, which provides internet access through the proxy web server and
access to file servers on the remote switch.
• Isolated subscriber VLAN named ClientConnections, which provides internet access for visiting
clients and isolation from other visiting clients, the Research VLAN devices, and the remote file
• Non-isolated subscriber VLAN named Research, which provides internet access and enables
communications between Research VLAN devices and the remote file servers.

1 The first configuration step is to create and configure the VLANs on the local switch:
create vlan Main
configure vlan Main add port 1:*
configure vlan Main tag 100
create vlan ClientConnections
configure vlan ClientConnections add port 2:*
configure vlan ClientConnections tag 200
create vlan Research
configure vlan Research add port 3:*
configure vlan Research tag 300

2 The remote switch VLAN is configured as follows:
create vlan Main
configure vlan Main add port 1:*
configure vlan Main tag 100

3 The next step is to create the PVLAN on the local switch and configure each of the component
VLANs for the proper role:
create private-vlan MedPrivate
configure private-vlan "MedPrivate" add network "Main"
configure private-vlan "MedPrivate" add subscriber "ClientConnections"
configure private-vlan "MedPrivate" add subscriber "Research" non-isolated

4 The final step is to configure VLAN translation on the local switch so that Research VLAN
workstations can connect to the file servers on the remote switch:
configure Main add ports 1:1 private-vlan translated

Additional notes
This configuration example is taken from EXOS concepts Guide 21.1 Page 476
Where can I find documentation for Extreme products?



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255