Isolated: Communicates with only promiscuous ports.

Community: Communicates with the other members of the same community VLAN and all promiscuous ports.

Promiscuous: Communicates with all other ports in the same primary VLAN.

Description:

R5:  Gateway  10.0.0.1

 

R1:  simulate Switch1.  

ConfigureFa0/9 as Promiscuous Port

                  Fa0/1-2 as Community Port

                  Fa0/3 as Isolated Port

 

R2,R3,R4 simulate Switch2, Switch3, Switch4

 

Purpose:

xp和win7-1属于相同团体vlan，可相互通信。

win7-2属于隔离vlan，只能和混杂端口Fa0/9通信。

所有主机可以和网关(R5 Fa0/0)通信。

主vlan：Vlan 100， 团体vlan：vlan 170     隔离vlan：vlan 200 

Switch1(config)# vtp mode transparent

 

Switch1(config)# vlan 170

Switch1(config-vlan)# private-vlan community

 

Switch1(config)# vlan 200

Switch1(config-vlan)# private-vlan isolated

 

Switch1(config)# vlan 100

Switch1(config-vlan)# private-vlan primary

Switch1(config-vlan)# private-vlan association 170 200  定义vlan 170 200为vlan 100的辅助vlan

 

Switch1(config)# interface Fa0/9

Switch1(config-if)# switchport mode private-vlan promiscuous

Switch1(config-if)# switchport private-vlan mapping 100 170 200 接收100 170 200的流量

 

Switch1(config)# interface range Fa0/1 - 2

Switch1(config-if)# switchport mode private-vlan host

Switch1(config-if)# switchport private-vlan host-association 100 170

 

Switch1(config)# interface Fa0/3

Switch1(config-if)# switchport mode private-vlan host

Switch1(config-if)# switchport private-vlan host-association 100 200