DNS servers are redundant copies so they need to communicate with each other to


DNS servers are redundant copies, so they need to communicate with each other to update their entries. In addition to that, they also need to communicate with the Internet. The Web server and the SMTP server need to communicate with the Internet, but for security purposes, the SMTP server should not be reachable from the Web or the DNS servers. The Web server needs to be accessible from the Internet but not from the SMTP server.
Chapter 2 63 © 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public

pVLAN Configuration for Scenario 1

    ! Private VLANs require VTP transparent mode
    Switch(config)# vtp mode transparent
    ! Secondary VLANs: 201 isolated, 202 community
    Switch(config)# vlan 201
    Switch(config-vlan)# private-vlan isolated
    Switch(config-vlan)# vlan 202
    Switch(config-vlan)# private-vlan community
    ! Primary VLAN 100, associated with both secondary VLANs
    Switch(config-vlan)# vlan 100
    Switch(config-vlan)# private-vlan primary
    Switch(config-vlan)# private-vlan association 201,202
    ! Promiscuous port, mapped to the primary and both secondary VLANs
    Switch(config-vlan)# interface fastethernet 0/24
    Switch(config-if)# switchport mode private-vlan promiscuous
    Switch(config-if)# switchport private-vlan mapping 100 201,202
    ! Host ports in community VLAN 202
    Switch(config-if)# interface range fastethernet 0/1 - 2
    Switch(config-if-range)# switchport mode private-vlan host
    Switch(config-if-range)# switchport private-vlan host-association 100 202
    ! Host ports in isolated VLAN 201
    Switch(config-if-range)# interface range fastethernet 0/3 - 4
    Switch(config-if-range)# switchport mode private-vlan host
    Switch(config-if-range)# switchport private-vlan host-association 100 201
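The following check is an added example, not part of the original slides: it parses the Scenario 1 commands above and applies the same-switch Layer 2 pVLAN forwarding rule to confirm that the configuration meets the stated requirements. The function names `parse` and `can_talk` are hypothetical, and the port roles (fa0/1-2 for the DNS servers, fa0/3-4 for the Web and SMTP servers, fa0/24 toward the Internet) are an assumption inferred from the requirements, since the slides do not state them.

```python
import re

# Constructed input: the Scenario 1 commands from this page, prompts stripped.
# Assumed port roles (not stated on the page): fa0/1-2 DNS, fa0/3-4 Web and SMTP.
CONFIG = """\
vlan 201
 private-vlan isolated
vlan 202
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 201,202
interface fastethernet 0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 201,202
interface range fastethernet 0/1 - 2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 202
interface range fastethernet 0/3 - 4
 switchport mode private-vlan host
 switchport private-vlan host-association 100 201
"""

def parse(config):
    """Return ({vlan: type}, {port: (mode, secondary_vlan)})."""
    vlan_type, ports, vlan, current = {}, {}, None, []
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m[1])
        elif m := re.fullmatch(r"private-vlan (isolated|community|primary)", line):
            vlan_type[vlan] = m[1]
        elif m := re.fullmatch(r"interface (?:range )?fastethernet 0/(\d+)(?: - (\d+))?", line):
            current = [f"fa0/{n}" for n in range(int(m[1]), int(m[2] or m[1]) + 1)]
        elif m := re.fullmatch(r"switchport mode private-vlan (promiscuous|host)", line):
            ports.update({p: (m[1], None) for p in current})
        elif m := re.fullmatch(r"switchport private-vlan host-association \d+ (\d+)", line):
            ports.update({p: ("host", int(m[1])) for p in current})
    return vlan_type, ports

def can_talk(a, b, vlan_type, ports):
    """Layer 2 pVLAN rule: promiscuous reaches all; hosts only same community."""
    (mode_a, sec_a), (mode_b, sec_b) = ports[a], ports[b]
    if "promiscuous" in (mode_a, mode_b):
        return True
    return sec_a == sec_b and vlan_type[sec_a] == "community"
```

Running `can_talk` over every port pair gives a reachability matrix that can be compared against the requirements before the configuration is applied to a switch.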

pVLAN Scenario 2: Multiple Switches

A trunk port carries the primary VLAN and secondary VLANs to a neighboring switch just like any other VLAN. A feature of pVLANs across multiple switches is that traffic from an isolated port in one switch does not reach an isolated port on another switch. Configure pVLANs on all switches on the path, including devices that have no pVLAN ports, to maintain the security of your pVLAN configuration, and avoid any other use of the VLANs configured as pVLANs. As shown in the figure, switches SWA and SWB are configured with the same pVLANs and are connected through the trunk link.

pVLAN Configuration for Scenario 2

To configure a Layer 2 interface as a Private VLAN trunk port, use the interface command:

    Switch(config-if)# switchport private-vlan association trunk primary_vlan_ID secondary_vlan_ID

If the port is set to promiscuous, use the mapping command:

    Switch(config-if)# switchport private-vlan mapping primary_vlan_ID secondary_vlan_list

Once the trunk is configured, allow VLANs with the command:

    Switch(config-if)# switchport private-vlan trunk allowed vlan vlan_list

Configure the native VLAN with the following command:

    Switch(config-if)# switchport private-vlan trunk native vlan vlan_id

    Switch(config)# interface fastethernet 5/2
    Switch(config-if)# switchport mode private-vlan trunk secondary
    Switch(config-if)# switchport private-vlan trunk native vlan 10
    Switch(config-if)# switchport private-vlan trunk allowed vlan 10,3,301-302
    Switch(config-if)# switchport private-vlan association trunk 3 301
    Switch(config-if)# switchport private-vlan association trunk 3 302


  • Summer '17
  • SI kuan
  • VLAN Trunking Protocol, Cisco Public
