内网有一台ST5540F，上网设备全部属于vlan1，交换机内部不划分vlan，内网一台服务器接1号口，财务部人员接2-3号口，研发部人员接4-5号口，其他人员接6-7号口，需要实现端口隔离，使得内网人员全部可以访问服务器，财务部、研发部、其他人员之间不能互访，且财务部内部以及研发部内部人员可以互访，其他人员内部不可以互访

 

1. 登录ST5540F的命令行配置页面

                 Welcome to UTT ST5540F Ethernet Switch

Switch>

Switch>enable

password:

Switch#

2.配置两个团体VLAN，例如VLAN 12和VLAN 13

Switch#config

Switch_config#vlan 12

Switch_config_vlan12#private-vlan community

Switch_config_vlan12#exit

Switch_config#vlan 13

Switch_config_vlan13#private-vlan community

Switch_config_vlan13#exit

3.配置一个隔离VLAN，例如VLAN 14

Switch_config#vlan 14

Switch_config_vlan14#private-vlan isolated

Switch_config_vlan14#exit

4.配置一个VLAN 11，设置为主VLAN，并配置关联VLAN，将团体vlan12、VLAN 13和隔离VLAN 14关联到VLAN11，成为VLAN 11的内部子VLAN

Switch_config#vlan 11

Switch_config_vlan11#private-vlan primary

Switch_config_vlan11#private-vlan association 12-14

Switch_config_vlan11#exit

5.将端口添加到对应的VLAN，并设置对应的端口模式和主VLAN、辅助VLAN；

1号端口添加到VLAN 11，混杂模式，主VLAN11，辅助VLAN 12-14

Switch_config#interface GigaEthernet0/1

Switch_config_g0/1#switchport mode private-vlan promiscuous

Switch_config_g0/1#switchport private-vlan mapping 11 12-14

Switch_config_g0/1#switchport pvid 11

Switch_config_g0/1#exit

2-3号端口添加到VLAN 12，主机模式，主VLAN11，辅助VLAN 12

Switch_config#interface GigaEthernet0/2

Switch_config_g0/2#switchport mode private-vlan host

Switch_config_g0/2#switchport private-vlan host-association 11 12

Switch_config_g0/2#switchport pvid 12

Switch_config_g0/2#exit

Switch_config#interface GigaEthernet0/3

Switch_config_g0/3#switchport mode private-vlan host

Switch_config_g0/3#switchport private-vlan host-association 11 12

Switch_config_g0/3#switchport pvid 12

Switch_config_g0/3#exit

4 -5号端口添加到VLAN 13，主机模式，主VLAN11，辅助VLAN 13

Switch_config#interface GigaEthernet0/4

Switch_config_g0/4#switchport mode private-vlan host

Switch_config_g0/4#switchport private-vlan host-association 11 13

Switch_config_g0/4#switchport pvid 13

Switch_config_g0/4#exit

Switch_config#interface GigaEthernet0/5

Switch_config_g0/5#switchport mode private-vlan host

Switch_config_g0/5#switchport private-vlan host-association 11 13

Switch_config_g0/5#switchport pvid 13

Switch_config_g0/5#exit

6-7添加到VLAN 14，主机模式，主VLAN11，辅助VLAN 14

Switch_config#interface GigaEthernet0/6

Switch_config_g0/6#switchport mode private-vlan host

Switch_config_g0/6#switchport private-vlan host-association 11 14

Switch_config_g0/6#switchport pvid 14

Switch_config_g0/6#exit

Switch_config#interface GigaEthernet0/7

Switch_config_g0/7#switchport mode private-vlan host

Switch_config_g0/7#switchport private-vlan host-association 11 14

Switch_config_g0/7#switchport pvid 14

Switch_config_g0/7#exit

6.show vlan private-vlan查看配置是否正确

Switch_config#show vlan private-vlan

Primary  Secondary  Type             Ports

-------- ---------- ---------------- -----------------------------------------

      11         12        community g0/1, g0/2, g0/3

      11         13        community g0/1, g0/4, g0/5

      11         14         isolated g0/1, g0/6, g0/7

7.保存配置

Switch_config#wr

Confirm to overwrite current startup-config configuration [Y/N]:y