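A private VLAN consists of a primary VLAN and secondary VLANs,
and secondary VLANs are further divided into isolated VLANs and community VLANs.
…Tommi Hiltunen!?!!!
(Tommi Hiltunen - Jarkko Niem)
That aside, these are the ports the VLANs use:
The primary VLAN uses promiscuous ports
http://ejje.weblio.jp/content/promiscuous
A secondary, isolated VLAN uses isolated ports
A secondary, community VLAN uses community ports
or so I'm told. I don't really get it, so I'll try configuring it.
I'll make the VLAN IDs in the 30s private VLANs.
31 is the promiscuous (mixed) port where the isolated and the closed-community addicts mingle: the gateway to the outside
35 is the VLAN for the isolated
39 is the VLAN for closed-community addicts who are my yes-men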
(config)#vlan 31
L2-QoS(config-vlan)#?
VLAN configuration commands:
are Maximum number of All Route Explorer hops for this VLAN (or
zero if none specified)
backupcrf Backup CRF mode of the VLAN
bridge Bridging characteristics of the VLAN
exit Apply changes, bump revision number, and exit mode
media Media type of the VLAN
mtu VLAN Maximum Transmission Unit
name Ascii name of the VLAN
no Negate a command or set its defaults
parent ID number of the Parent VLAN of FDDI or Token Ring type VLANs
private-vlan Configure a private VLAN
remote-span Configure as Remote SPAN VLAN
ring Ring number of FDDI or Token Ring type VLANs
said IEEE 802.10 SAID
shutdown Shutdown VLAN switching
state Operational state of the VLAN
ste Maximum number of Spanning Tree Explorer hops for this VLAN (or
zero if none specified)
stp Spanning tree characteristics of the VLAN
tb-vlan1 ID number of the first translational VLAN for this VLAN (or
zero if none)
tb-vlan2 ID number of the second translational VLAN for this VLAN (or
zero if none)
L2-QoS(config-vlan)#private-vlan ?
association Configure association between private VLANs
community Configure the VLAN as a community private VLAN
isolated Configure the VLAN as an isolated private VLAN
primary Configure the VLAN as a primary private VLAN
L2-QoS(config-vlan)#private-vlan primary ?
<cr>
L2-QoS(config-vlan)#private-vlan primary
Private VLANs can only be configured when VTP is in transparent mode.
L2-QoS(config-vlan)#
It is confusing that this is done directly under vlan (VLAN configuration mode) rather than under interface vlan.
For now, switch VTP to transparent mode.
L2-QoS(config-vlan)#exit
L2-QoS(config)#
L2-QoS(config)#vtp ?
domain Set the name of the VTP administrative domain.
file Configure IFS filesystem file where VTP configuration is stored.
interface Configure interface as the preferred source for the VTP IP updater
address.
mode Configure VTP device mode
password Set the password for the VTP administrative domain
pruning Set the adminstrative domain to permit pruning
version Set the adminstrative domain to VTP version
L2-QoS(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.
L2-QoS(config)#
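Change complete.
Going back one step, set VLAN 31 as promiscuous, VLAN 35 as isolated, and VLAN 39 as community. Here it is necessary to recall the concept of primary and secondary VLANs:
Primary: promiscuous
Secondary: isolated and community
The two secondary types cannot communicate with the outside except through the promiscuous port, so they have to be associated with the primary VLAN.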
L2-QoS(config)#
L2-QoS(config)#vlan 31
L2-QoS(config-vlan)#private-vlan association ?
WORD VLAN IDs of the private VLANs to be configured
add Add a VLAN to private VLAN list
remove Remove a VLAN from private VLAN list
L2-QoS(config-vlan)#private-vlan association add ?
WORD VLAN IDs of the private VLANs to be configured
L2-QoS(config-vlan)#private-vlan association add 35,39
L2-QoS(config-vlan)#
L2-QoS(config-vlan)#exit
Next, trying to see whether any configuration is needed on the secondary side:
L2-QoS(config)#vlan 35
L2-QoS(config-vlan)#private-vlan association ?
WORD VLAN IDs of the private VLANs to be configured
add Add a VLAN to private VLAN list
remove Remove a VLAN from private VLAN list
L2-QoS(config-vlan)#private-vlan association add 36-38
Command rejected: invalid private vlan association between vlan35 and vlan36. VLAN 35 is not a primary VLAN.
L2-QoS(config-vlan)#
L2-QoS(config-vlan)#
L2-QoS(config-vlan)#private-vlan association add 31
Command rejected: invalid private vlan association between vlan35 and vlan31. VLAN 31 is a primary VLAN.
L2-QoS(config-vlan)#private-vlan association Kakuri-VLAN
Command Rejected: invalid VLAN list
L2-QoS(config-vlan)#
So the results are "invalid private vlan association" and "invalid VLAN list".
Next, the physical port assignment.
L2-QoS(config)#interface FastEthernet 0/31
L2-QoS(config-if)#switchport mode ?
access Set trunking mode to ACCESS unconditionally
dot1q-tunnel set trunking mode to TUNNEL unconditionally
dynamic Set trunking mode to dynamically negotiate access or trunk mode
private-vlan Set the mode to private-vlan host or promiscuous
trunk Set trunking mode to TRUNK unconditionally
L2-QoS(config-if)#switchport mode private-vlan ?
host Set the mode to private-vlan host
promiscuous Set the mode to private-vlan promiscuous
L2-QoS(config-if)#switchport mode private-vlan promiscuous ?
<cr>
L2-QoS(config-if)#switchport mode private-vlan promiscuous
L2-QoS(config-if)#
L2-QoS(config-if)#switchport ?
access Set access mode characteristics of the interface
backup Set backup for the interface
block Disable forwarding of unknown uni/multi cast addresses
host Set port host
mode Set trunking mode of the interface
nonegotiate Device will not engage in negotiation protocol on this
interface
port-security Security related command
priority Set appliance 802.1p priority
private-vlan Set the private VLAN configuration
protected Configure an interface to be a protected port
trunk Set trunking characteristics of the interface
voice Voice appliance attributes
<cr>
L2-QoS(config-if)#switchport private-vlan ?
association Set the private VLAN association
host-association Set the private VLAN host association
mapping Set the private VLAN promiscuous mapping
L2-QoS(config-if)#switchport private-vlan association ?
host Set the private VLAN host association
mapping Set the private VLAN promiscuous mapping
L2-QoS(config-if)#switchport private-vlan ?
association Set the private VLAN association
host-association Set the private VLAN host association
mapping Set the private VLAN promiscuous mapping
L2-QoS(config-if)#switchport private-vlan mapping ?
<1006-4094> Primary extended range VLAN ID of the private VLAN promiscuous
port mapping
<2-1001> Primary normal range VLAN ID of the private VLAN promiscuous
port mapping
L2-QoS(config-if)#switchport private-vlan mapping 31 ?
WORD Secondary VLAN IDs of the private VLAN promiscuous port mapping
add Add a VLAN to private VLAN list
remove Remove a VLAN from private VLAN list
L2-QoS(config-if)#switchport private-vlan mapping 31 add ?
WORD Secondary VLAN IDs of the private VLAN promiscuous port mapping
L2-QoS(config-if)#switchport private-vlan mapping 31 add 35,39
Is that all for the primary/promiscuous configuration!? Next, the secondary/isolated assignment.
L2-QoS(config-if)#interface FastEthernet 0/35
L2-QoS(config-if)#
L2-QoS(config-if)#switchport mode private-vlan host
L2-QoS(config-if)#switchport private-vlan ?
association Set the private VLAN association
host-association Set the private VLAN host association
mapping Set the private VLAN promiscuous mapping
L2-QoS(config-if)#switchport private-vlan mapping 31 add 35
L2-QoS(config-if)#
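Next, the secondary/community port assignment is the same as for isolated.
As a result, the following shows up in running-config (the host ports appear there with switchport private-vlan host-association, primary VLAN first and then the secondary, while mapping is what the promiscuous port carries).
VLAN section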
!
vlan 31
private-vlan primary
private-vlan association 35,39
!
vlan 32-34
!
vlan 35
private-vlan isolated
!
vlan 36-38
!
vlan 39
private-vlan community
!
vlan 40-136
!
!
Interface section
!
interface FastEthernet0/31
switchport private-vlan mapping 31 35,39
switchport mode private-vlan promiscuous
!
interface FastEthernet0/32
!
interface FastEthernet0/33
!
interface FastEthernet0/34
!
interface FastEthernet0/35
switchport private-vlan host-association 31 35
switchport mode private-vlan host
!
interface FastEthernet0/36
switchport private-vlan host-association 31 35
switchport mode private-vlan host
!
interface FastEthernet0/37
!
interface FastEthernet0/38
!
interface FastEthernet0/39
switchport private-vlan host-association 31 39
switchport mode private-vlan host
!
interface FastEthernet0/40
switchport private-vlan host-association 31 39
switchport mode private-vlan host
!
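The forwarding rules behind this configuration (a promiscuous port reaches every port of its primary VLAN, an isolated port reaches only promiscuous ports, a community port reaches its own community plus promiscuous ports) can be checked against the running-config above. The following is an added example, not part of the original post: the function names parse, can_talk and blocked_pairs are hypothetical, and the sample input is this page's running-config trimmed to its private-VLAN lines.

```python
import re
from itertools import combinations
# PVLAN lines of the running-config shown above (mode lines and empty stanzas trimmed).
CONFIG = """\
vlan 31
 private-vlan primary
 private-vlan association 35,39
vlan 35
 private-vlan isolated
vlan 39
 private-vlan community
interface FastEthernet0/31
 switchport private-vlan mapping 31 35,39
interface FastEthernet0/35
 switchport private-vlan host-association 31 35
interface FastEthernet0/36
 switchport private-vlan host-association 31 35
interface FastEthernet0/39
 switchport private-vlan host-association 31 39
interface FastEthernet0/40
 switchport private-vlan host-association 31 39
"""

def parse(config):
    """Return ({vlan: type}, {port: (primary, secondary or None)})."""
    vlan_type, ports, ctx = {}, {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"(vlan|interface) (\S+)", line):
            ctx = m.group(2)                      # current stanza name
        elif m := re.fullmatch(r"private-vlan (primary|isolated|community)", line):
            vlan_type[int(ctx)] = m.group(1)
        elif m := re.fullmatch(r"switchport private-vlan mapping (\d+) \S+", line):
            ports[ctx] = (int(m.group(1)), None)  # promiscuous port
        elif m := re.fullmatch(r"switchport private-vlan host-association (\d+) (\d+)", line):
            ports[ctx] = (int(m.group(1)), int(m.group(2)))  # host port
    return vlan_type, ports

def can_talk(a, b, vlan_type):
    """Layer-2 reachability between two ports, each given as (primary, secondary)."""
    if a[0] != b[0]:                              # different primary VLAN
        return False
    if a[1] is None or b[1] is None:              # promiscuous reaches every port
        return True
    return a[1] == b[1] and vlan_type.get(a[1]) == "community"

def blocked_pairs(config):
    vlan_type, ports = parse(config)
    return sorted((p, q) for p, q in combinations(sorted(ports), 2)
                  if not can_talk(ports[p], ports[q], vlan_type))
```

blocked_pairs(CONFIG) lists the port pairs that the switch keeps apart at layer 2; it says nothing about traffic that is routed back through the promiscuous side.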
In addition, the mapping to the SVI.
L2-QoS(config)#interface vlan 31
L2-QoS(config-if)#
L2-QoS(config-if)#private-vlan mapping ?
WORD Secondary VLAN IDs of the private VLAN SVI interface mapping
add Add a VLAN to private VLAN list
remove Remove a VLAN from private VLAN list
L2-QoS(config-if)#private-vlan mapping add 35,39
L2-QoS(config-if)#
L2-QoS(config-if)#
*Mar 1 14:39:54.063: %PV-6-PV_MSG: Created a private vlan mapping, Primary 31, Secondary 35
*Mar 1 14:39:54.063: %PV-6-PV_MSG: Created a private vlan mapping, Primary 31, Secondary 39
L2-QoS(config-if)#
L2-QoS(config-if)#end
L2-QoS#
What additionally shows up in running-config,
in the interface VLAN section:
interface Vlan1
ip address 172.16.1.1 255.255.255.0
!
interface Vlan31
no ip address
private-vlan mapping 35,39
!
That's it for now.