PC1
no ip routing int e0/0 no shut ip add 192.168.0.1 255.255.255.0
PC2
no ip routing int e0/0 no shut ip add 192.168.0.2 255.255.255.0
PC3
no ip routing int e0/0 no shut ip add 192.168.0.3 255.255.255.0
PC4
no ip routing int e0/0 no shut ip add 192.168.0.4 255.255.255.0
Server1
no ip routing int e0/0 no shut ip add 192.168.0.254 255.255.255.0
Private vLan首先要注意的是必須更改VTP, 不清楚的就要先了解啦
SW1
vtp mode transparent vlan 500 private-vlan primary private-vlan association 501-502 vlan 501 private-vlan community vlan 502 private-vlan isolated interface range g0/0-1 switchport mode private-vlan host switchport private-vlan host-association 500 501 interface range g0/2-3 switchport mode private-vlan host switchport private-vlan host-association 500 502 interface g1/0 switchport mode private-vlan promiscuous switchport private-vlan mapping 500 501-502 由於PC1和PC2在community vLan 501, 所以可以互通, 另外還可以連通在promiscuous的Server1
結果和PC1一樣
PC3和PC4在isolated vLan 502, 所以不能連接, 包括PC1和PC2, 但是可以連通在promiscuous的Server1
結果和PC3一樣
Server1在promiscuous的vLan 500, 所以可以全部PC互通
useful command
show interfaces fastEthernet 0/1 switchport
show interface fa0/24 switchport
show vlan private-vlan
show vlan private-vlan type
