iT邦幫忙

0

Private VLAN 是怎么通信的?

  • 分享至 

  • xImage

为了弄清除 Private VLAN 的通信问题,我做了一个测试:
1 个普通非 Private VLAN,
1 个 Private VLAN,包含 5 个 secondary PVLAN,
5 个 secondary PVLAN 的类型为:
promiscuous 1个
isolated 2个
Community 2个
1 台 DHCP Server,DHCP Server 的网络在一个普通非 Private VLAN

测试结果:
除了 isolated VLAN 不能从 DHCP 获取到 IP 地址外,其他 Private VLAN 都可以从 DHCP VLAN 获取到 IP。
Private VLAN 可以 ping 普通非 Private VLAN

现在有一个问题,就是 Private VLAN 之间的互 ping 有问题
不过 是 Community VLAN 还是 isolated VLAN,都应该可以 ping 通 promiscuous VLAN,但在我的测试中,我 ping 不通。

这是交换机上面要做什么特别的配置吗? 普通非 Private VLAN 之间的互 Ping
是 正常的。

圖片
  直播研討會
圖片
{{ item.channelVendor }} {{ item.webinarstarted }} |
{{ formatDate(item.duration) }}
直播中

1 個回答

0
bluegrass
iT邦高手 1 級 ‧ 2018-02-07 10:52:57
最佳解答

promiscuous 可以和所有PVLAN溝通

isolated 只可以和自己和promiscuous溝通

Community 只可以和自己相同的Community和promiscuous溝通

你PING不到就是你設定有問題

CONFIG FILE 放上來好沒?

看更多先前的回應...收起先前的回應...
as900 iT邦研究生 4 級 ‧ 2018-02-07 13:02:08 檢舉

Building configuration...

Current configuration : 2958 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
vlan 2-5
!
vlan 20
private-vlan association 201-203
!
vlan 201-203
!
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/3
no ip address
no mdix auto
!
interface GigabitEthernet1/0/4
no ip address
no mdix auto
!
interface GigabitEthernet1/0/5
no ip address
no mdix auto
!
interface GigabitEthernet1/0/6
no ip address
no mdix auto
!
interface GigabitEthernet1/0/7
no ip address
no mdix auto
!
interface GigabitEthernet1/0/8
no ip address
no mdix auto
!
interface GigabitEthernet1/0/9
no ip address
no mdix auto
!
interface GigabitEthernet1/0/10
no ip address
no mdix auto
!
interface GigabitEthernet1/0/11
no ip address
no mdix auto
!
interface GigabitEthernet1/0/12
no ip address
no mdix auto
!
interface GigabitEthernet1/0/13
no ip address
no mdix auto
!
interface GigabitEthernet1/0/14
no ip address
no mdix auto
!
interface GigabitEthernet1/0/15
no ip address
no mdix auto
!
interface GigabitEthernet1/0/16
no ip address
no mdix auto
!
interface GigabitEthernet1/0/17
no ip address
no mdix auto
!
interface GigabitEthernet1/0/18
no ip address
no mdix auto
!
interface GigabitEthernet1/0/19
no ip address
no mdix auto
!
interface GigabitEthernet1/0/20
no ip address
no mdix auto
!
interface GigabitEthernet1/0/21
no ip address
no mdix auto
!
interface GigabitEthernet1/0/22
no ip address
no mdix auto
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
no mdix auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
shutdown
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.10
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.1.10
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
ip helper-address 192.168.1.10
!
interface Vlan5
ip address 192.168.5.1 255.255.255.0
ip helper-address 192.168.1.10
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
ip helper-address 192.168.1.10
!
interface Vlan201
ip address 192.168.201.1 255.255.255.0
ip helper-address 192.168.1.10
!
interface Vlan202
ip address 192.168.202.1 255.255.255.0
ip helper-address 192.168.1.10
!
interface Vlan203
ip address 192.168.203.1 255.255.255.0
ip helper-address 192.168.1.10
!
ip classless
ip http server
!
!
line con 0
line vty 5 15
!
end

as900 iT邦研究生 4 級 ‧ 2018-02-07 13:03:14 檢舉

这里的 promiscuous 指的是什么?
我在交换机上,好像没法发现这个这个配置

as900 iT邦研究生 4 級 ‧ 2018-02-07 15:09:06 檢舉

我又从新配了一遍,发现,连接到同一个 isolated VLAN 的虚拟机,之间可以互相 ping 通,这个正常吗?

bluegrass iT邦高手 1 級 ‧ 2018-02-07 16:53:47 檢舉

你都沒INTERFACE ACCESS到你的PRIVATE VLAN

你的設計其實是要怎樣

畫個圖上來

bluegrass iT邦高手 1 級 ‧ 2018-02-07 16:54:07 檢舉

我要發表回答

立即登入回答