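I have a question about private VLANs. I have fiber modems, but they cannot reach DHCP/TFTP for provisioning. I suspect the private VLAN configuration. Could you review it? My doubts are mainly about the gigabit port on the access switch and the trunk configuration.
In short, when the modems boot, they try to obtain an IP via DHCP by sending an untagged frame that reaches the access switch (4506) and should be handled on VLAN 11, the private VLAN, because they are untagged. The DHCP discover broadcast should go through VLAN 10 to the aggregation switch. On the aggregation switch (4500X) there is an SVI for VLAN 10 with an ip helper-address for the provisioning server, which sends it unicast packets.
Configuration on the access switch 4506: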
vlan 10
name vlan_10
private-vlan primary
!
vlan 20
name vlan_20
private-vlan primary
!
vlan 30
name vlan_30
private-vlan primary
!
! Isolated VLAN: Connects all CPE hosts to Switch
!
vlan 11
name Pvlan_11
private-vlan isolated
!
vlan 21
name Pvlan_21
private-vlan isolated
!
vlan 31
name Pvlan_31
private-vlan isolated
!
! Associating
!
vlan 10
private-vlan assoc 11
!
vlan 20
private-vlan assoc 21
!
vlan 30
private-vlan assoc 31
!
! Isolated port (Can only communicate with Primary port)
!
interface giX/Y
switchport mode private-vlan trunk promiscuous
switchport private-vlan trunk native vlan 11
switchport private-vlan trunk allowed vlan 11,21,31
switchport private-vlan mapping trunk 10 11
switchport private-vlan mapping trunk 20 21
switchport private-vlan mapping trunk 30 31