

    

Blue Forest http://www.lslnet.com at 13:28 on July 26, 2006

Pvlan


Can anyone provide a configuration for a PVLAN solution? Where is there a comprehensive introduction to PVLAN?
The plan requires no communication between VLAN1 and VLAN2, but both must communicate with the server. If PVLAN is used, how should these three switches be configured? In addition, do FE2 and FE3 on the 3550 need to be configured as trunk ports?

1 Introduction
As one of the core pieces of network equipment, the switch and its technology have developed rapidly, from 10 Mbit/s Ethernet and 100 Mbit/s Fast Ethernet on to Gigabit and 10 Gigabit Ethernet. As switches are applied ever more deeply in the communications field and in enterprises, network administrators' need to master the special VLAN technology known as PVLAN grows more and more pressing. This article summarizes practical experience with its application.
2 VLAN limitations
With the rapid development of networks, users place higher security requirements on network data communication: preventing hacker attacks, controlling the spread of viruses and so on all require that the relative security of users' communication be ensured. The traditional solution is to assign each customer a VLAN and an associated IP subnet. Through the use of VLANs, each customer is isolated at Layer 2, which prevents any malicious behaviour and any snooping on Ethernet traffic. However, this model of assigning each customer a single VLAN and IP subnet creates huge limits on scalability. These limitations are mainly in the following areas.
(1) VLAN limits: the switch's inherent restriction on the number of VLANs;
(2) Complex STP: for each VLAN, the associated Spanning Tree topology needs to be managed;
(3) Shortage of IP addresses: dividing IP subnets is bound to waste some IP addresses;
(4) Routing restrictions: each subnet requires a corresponding default gateway configuration.
3 PVLAN
There is now a new VLAN mechanism in which all servers are in the same subnet, but each server can communicate only with its default gateway. This new VLAN feature is the private VLAN (Private VLAN, PVLAN). In the private VLAN concept, switch ports are of three types: isolated port, community port and promiscuous port. They correspond to different VLAN types: an isolated port belongs to an isolated PVLAN and a community port belongs to a community PVLAN, while the primary VLAN represents the private VLAN as a whole; the two preceding kinds of VLAN must be bound to it, and it also contains the promiscuous port. In an isolated PVLAN, an isolated port can communicate only with the promiscuous port; isolated ports cannot exchange traffic with each other. In a community PVLAN, a community port can communicate with the promiscuous port, and community ports can also exchange traffic with each other. The promiscuous port is connected to a router or Layer 3 switch interface, and the traffic it receives can be sent to isolated ports and community ports.
PVLAN is very effective for ensuring the security of data communication in the access network. Users only need to connect to their default gateway, and a single PVLAN provides connections with Layer 2 data-communication security without needing multiple VLANs and IP subnets. All users attach to the PVLAN, so every user is connected to the default gateway and has no access to the other users within the PVLAN. The PVLAN function ensures that the ports in the same VLAN cannot communicate with each other, while the VLAN can still pass through trunk ports. In this way, even users in the same VLAN are not affected by each other's broadcasts.
4 PVLAN configuration steps
(1) Put the switch in VTP transparent mode
set vtp mode transparent
(2) Create the primary private VLAN
set vlan vlan pvlan-type primary
(3) Set the isolated or community VLAN(s)
set vlan vlan pvlan-type {isolated | community}
(4) Map the secondary VLAN(s) to the primary VLAN
set pvlan primary_vlan {isolated_vlan | community_vlan} {mod/port | sc0}
(5) Map each secondary VLAN to the primary VLAN on the promiscuous port(s)
set pvlan mapping primary_vlan {isolated_vlan | community_vlan} {mod/port} [mod/port ...]
(6) Show the PVLAN configuration
show pvlan [primary_vlan]
show pvlan mapping
show vlan [primary_vlan]
show port
5 Example
The following is the PVLAN-related configuration of a switch running in a live network, for reference only. In it, VLAN 100 is the primary VLAN, VLAN 101 is the isolated VLAN, and VLAN 102 and VLAN 103 are community VLANs.
N8-CSSW-2> (enable) show running-config
This command shows non-default configurations only.
set system name N8-CSSW-2
#vtp
set vtp domain sdunicom
set vtp mode transparent
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 100 name VLAN0100 type ethernet pvlan-type primary mtu 1500 said 100100 state active
set vlan 101 name VLAN0101 type ethernet pvlan-type isolated mtu 1500 said 100101 state active
set vlan 102 name VLAN0102 type ethernet pvlan-type community mtu 1500 said 100102 state active
set vlan 103 name VLAN0103 type ethernet pvlan-type community mtu 1500 said 100103 state active
#module 2 : 50-port 10/100/1000 Ethernet
set pvlan 100 101 2/26-29,2/35-36,2/42-43
set pvlan mapping 100 101 2/49
set pvlan 100 102 2/1-13,2/30-34
set pvlan mapping 100 102 2/49
set pvlan 100 103 2/14-25
set pvlan mapping 100 103 2/49
end
N8-CSSW-2> (enable) show pvlan
Primary Secondary Secondary-Type Ports
------- --------- -------------- ------------
100     101       isolated       2/26-29,2/35-36,2/42-43
100     102       community      2/1-13,2/30-34
100     103       community      2/14-25
6 Conclusion
At present, switches from many manufacturers support PVLAN. The advantages of PVLAN in communication security, in preventing broadcast storms and in avoiding wasted IP addresses are obvious; using PVLAN also helps optimize the network, and PVLAN configuration on the switch is relatively simple. PVLAN is increasingly favoured by network administrators.
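
The forwarding rules of section 3 applied to the example configuration of section 5, as an added example that is not part of the original post. The `set pvlan` lines are embedded as constructed input, and the function names (`expand`, `parse`, `can_talk`) are hypothetical; the script only models Layer 2 reachability so that an isolation plan can be checked before it is deployed.

```python
import re

# Constructed input: the "set pvlan" lines of the section 5 example.
# VLAN types are taken from the same example (101 isolated, 102/103 community).
CONFIG = """\
set pvlan 100 101 2/26-29,2/35-36,2/42-43
set pvlan mapping 100 101 2/49
set pvlan 100 102 2/1-13,2/30-34
set pvlan mapping 100 102 2/49
set pvlan 100 103 2/14-25
set pvlan mapping 100 103 2/49
"""
VLAN_TYPE = {101: "isolated", 102: "community", 103: "community"}

def expand(spec):
    """Expand '2/26-29,2/35-36' into {'2/26', ..., '2/36'}."""
    ports = set()
    for part in spec.split(","):
        mod, rng = part.split("/")
        lo, _, hi = rng.partition("-")
        for n in range(int(lo), int(hi or lo) + 1):
            ports.add(f"{mod}/{n}")
    return ports

def parse(config):
    """Return (host, promisc): host port -> secondary VLAN,
    promiscuous port -> set of secondary VLANs mapped to it."""
    host, promisc = {}, {}
    for line in config.splitlines():
        m = re.match(r"set pvlan (mapping )?(\d+) (\d+) (\S+)$", line.strip())
        if not m:
            continue
        for port in expand(m.group(4)):
            if m.group(1):
                promisc.setdefault(port, set()).add(int(m.group(3)))
            else:
                host[port] = int(m.group(3))
    return host, promisc

def can_talk(a, b, host, promisc):
    """Layer 2 reachability between a and b under the section 3 rules."""
    if a in promisc or b in promisc:
        p, h = (a, b) if a in promisc else (b, a)
        # A host port reaches the promiscuous port only if its VLAN is mapped there.
        return host.get(h) in promisc[p]
    va, vb = host.get(a), host.get(b)
    # Host ports reach each other only inside the same community VLAN.
    return va is not None and va == vb and VLAN_TYPE[va] == "community"

HOST, PROMISC = parse(CONFIG)
```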


Each PVLAN has only one primary VLAN, and a primary VLAN has only one promiscuous port; taken as a whole they make up one PVLAN. There is no limit on the number of isolated and community ports, which are all host ports.
Some PVLAN concepts; I don't know whether I have them right:
1. Ports in an isolated VLAN communicate not only with the promiscuous port but also with their gateway (the IP of the primary VLAN).
2. Isolated VLANs, primary VLANs and community VLANs can be passed to other switches and learned through VTP.
3. In one primary VLAN, can there be several isolated, community and promiscuous ports? There should be no restriction, right?


