03-27-2019 12:33 PM
Isolated PVLAN on 2920 and 3800
I have followed several articles and videos, but can't seem to wrap my head around this. I have a business department I need separated from each other and all other VLANs on our network. I have created a primary VLAN 7 and secondary isolated VLAN 70 on both my 2920 and 3800 switches. The issue is that although I can communicate with a client connected to VLAN 70, so can everything else on our network, including file access to the client on 70 from a different VLAN. What am I missing here?
Internet (firewall and web filter inline) -> Core Switch (3800) Port 52 -> Port 1/A1 MS Main (2920) -> Port 27 Client
Core -
interface 52
   dhcp-snooping trust
   dhcpv6-snooping trust
   name "MiddleSchool"
   ipv6 nd snooping trust
   exit
snmp-server community "bradford" unrestricted
snmp-server host 172.16.101.2 community "bradford" trap-level all
snmp-server enable traps mac-notify
snmp-server enable traps mac-count-notify
oobm
   ip address dhcp-bootp
   exit
router rip
   redistribute connected
   enable
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 7-9,18-21,25-31,Trk2-Trk3
   untagged 2-6,22-24,32-52
   tagged 1
   ip address 172.16.101.26 255.255.0.0
   ip helper-address 10.4.0.2
   ip helper-address 10.4.0.3
   exit
vlan 3
   name "Wireless"
   untagged 25-31
   tagged 48-52
   ip address 10.3.0.1 255.255.0.0
   ip helper-address 10.4.0.2
   ip helper-address 10.4.0.3
   exit
vlan 4
   name "Servers"
   untagged 18-21,Trk2-Trk3
   tagged 48
   ip address 10.4.0.1 255.255.0.0
   exit
vlan 5
   name "Debug"
   ip address 10.5.0.1 255.255.0.0
   exit
vlan 6
   name "Security"
   untagged 7-9
   tagged 48-52
   ip address 10.6.0.1 255.255.255.0
   exit
vlan 7
   name "BusinessDept"
   private-vlan primary
   private-vlan isolated 70
   tagged 52
   ip address 10.7.0.1 255.255.255.0
   exit
vlan 10
   name "Registration"
   tagged 25-31,48-52
   ip address 10.10.0.1 255.255.0.0
   ip helper-address 10.10.0.2
   exit
vlan 20
   name "Remediation"
   tagged 25-31,48-52
   ip address 10.20.0.1 255.255.0.0
   ip helper-address 10.10.0.2
   exit
vlan 30
   name "DeadEnd"
   tagged 25-31,48-52
   ip address 10.30.0.1 255.255.0.0
   ip helper-address 10.30.0.2
   exit
vlan 70
   name "VLAN70"
   no ip address
   exit
MS Main
interface 1/27
   no private-vlan promiscuous
   exit
interface 1/A1
   dhcp-snooping trust
   dhcpv6-snooping trust
   ipv6 nd snooping trust
   exit
snmp-server community "bradford" unrestricted
snmp-server host 172.16.101.2 community "bradford" trap-level all
no snmp-server enable traps link-change 1/1-1/3,1/47-1/48
snmp-server enable traps mac-notify
oobm
   ip address dhcp-bootp
   member 1
      ip address dhcp-bootp
      exit
   member 2
      ip address dhcp-bootp
      exit
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1/1-1/9,1/11-1/15,1/24,1/27,1/32,1/34,2/1
   untagged 1/10,1/16-1/23,1/25-1/26,1/28-1/31,1/33,1/35-1/48,1/A1-1/A2,2/2-2/24
   ip address 172.16.110.6 255.255.0.0
   exit
vlan 2
   name "VL-LegacyData"
   tagged 1/47-1/48,1/A1-1/A2
   no ip address
   exit
vlan 3
   name "Wireless"
   untagged 1/1,1/3-1/9,1/11-1/15,2/1
   tagged 1/25,1/48,1/A1-1/A2
   no ip address
   exit
vlan 6
   name "Security"
   untagged 1/2,1/24,1/32,1/34
   tagged 1/25,1/A1-1/A2
   no ip address
   exit
vlan 7
   name "BusinessDept"
   private-vlan primary
   private-vlan isolated 70
   tagged 1/A1
   no ip address
   exit
vlan 10
   name "Registration"
   tagged 1/1-1/9,1/11-1/15,1/25,1/48,1/A1-1/A2
   no ip address
   exit
vlan 20
   name "Remediation"
   tagged 1/1-1/9,1/11-1/15,1/25,1/48,1/A1-1/A2
   no ip address
   exit
vlan 30
   name "DeadEnd"
   tagged 1/1-1/9,1/11-1/15,1/25,1/48,1/A1-1/A2
   no ip address
   exit
vlan 70
   name "VLAN70"
   untagged 1/27
   no ip address
   exit