Thursday, February 6, 2014

NTS: UNI-ENI Vlans vs Private Vlans

UNI-ENI Vlans vs Private Vlans



UNI-ENI Vlans (or just UNI Vlans)

Types
  • Isolated Vlans
  • Community Vlans

Characteristics
  • Configuration happens under the Vlan
  • Port configuration doesn't include Vlan type
  • Each port can include many UNI-ENI Vlans
  • Apply to access, trunk, tunnel ports
  • There is only local significance per switch
  • L3 config applies to each Vlan separately
  • MAC addresses are learned on each vlan separately 

Configuration

IOS
ME-3400(config)#vlan 150
ME-3400(config-vlan)#uni-vlan ?
  community  UNI/ENI community VLAN
  isolated   UNI/ENI isolated VLAN



 IOS
vlan 150
 uni-vlan community


Verification

IOS
ME-3400#sh vlan uni-vlan type

Vlan Type
---- -----------------
1    UNI isolated
150  UNI isolated
1301 UNI community
1302 UNI community



Private Vlans

Types

  • Primary Vlan
  • Secondary Vlans
    • Isolated Vlans
    • Community Vlans

Characteristics
  • Configuration happens under the Vlan and under the Port
  • Port configuration includes a pair of Private Vlans
  • Each port can include only one pair of Private Vlans
  • Apply only to access ports
  • There can be global significance between multiple trunked switches
  • VTPv3 required to transfer them automatically across switches
  • L3 config applies to Primary Vlan only
  • MAC addresses are replicated from Secondary to Primary Vlans

Configuration

IOS
vlan 100
  private-vlan primary
  private-vlan association 200,300
!
vlan 200
  private-vlan isolated
!
vlan 300
  private-vlan community
!
interface GigabitEthernet0/7
 port-type nni
 switchport private-vlan mapping 100 200,300
 switchport mode private-vlan promiscuous
!
interface GigabitEthernet0/11
 switchport private-vlan host-association 100 200
 switchport mode private-vlan host
!
interface GigabitEthernet0/12
 switchport private-vlan host-association 100 300
 switchport mode private-vlan host

Primary vlan is configured on every type of port.


Verification

IOS
ME-3400#sh vlan private-vlan

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     200       isolated          Gi0/7, Gi0/11
100     300       community         Gi0/7, Gi0/12



Posted by at
Labels: , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)