Posts tagged BCMSN
Today we’ll go over Private VLANs (PVLANs) in Cisco IOS. PVLANs segregate VLANs even further than normal, they are basically VLANs inside of VLANs. The ports share a subnet, but can be prevented from communicating. They use different port types:
Promiscuous ports – These will be the “open ports” of the PVLANs, they can communicate with all other ports.
Community ports – These ports can communicate with other community ports and promiscuous ports.
Isolated ports – These can ONLY communicate with promiscuous ports.
There are different uses for PVLANs. They are used by service providers to allow customer security while sharing a single subnet. Another use could be for DMZ hosts in an enterprise environment. If one host is compromised its ability to inflict damage to the other hosts will be severely limited. That’s the scenario we’ll be using today. This is our topology:
In this short article we will configure some Layer 2 EtherChannel links. These are used to aggregate switchports to increase bandwidth and provide redundancy. I am running a four port EtherChannel from my Edge router to my Core switch. This article is useful for CCNP (BCMSN) studies.
First we will configure our switchports, then we will configure the Port-Channel interface, then we’ll look at some show commands.
Here is the switchport configuration:
interface range GigabitEthernet0/23 - 26 switchport trunk encapsulation dot1q switchport trunk native vlan 10 switchport mode trunk channel-group 1 mode on
We’ve set the trunking encapsulation to 802.1q and turn trunking on, then we set the native VLAN (I use 10), the command to note is “channel-group”, we have made the group 1 and set the mode to “on”, this means the port will not negotiate to become an EtherChannel, it just is.
Next we configure the Port-Channel interface:
interface Port-channel1 switchport trunk encapsulation dot1q switchport trunk native vlan 10 switchport mode trunk
This is just a logical interface (somewhat similar to a Loopback). We do the same trunk configuration here.