PRIVATE VLAN
Its break VLAN domain into Primary LAN &
Secondary LAN.
Primary VLAN -
The traffic move from the promiscuous
ports to isolated ports, But community ports & other promiscuous ports is
in same private VLAN.
Only one primary VLAN can be configure per private
VLAN & remaining ports are in private VLAN share the same primary VLAN only.
Community VLAN -
Its part of secondary VLAN, The traffic
flow between ports which belong to the same community and to promiscuous ports.
There can be multiple community VLANs per private VLAN.
Isolated VLAN –
Its part secondary VLAN. It move
traffic from isolated ports to promiscuous ports. Only one isolated VLAN can be
configured as per private VLAN.
Types of ports Private Vlan
Promiscuous port-
Its part of Primary Vlan. This port communicate with
all interfaces or Isolated port and Community port.
Isolated port –
Its part of Secondary Vlan. In this port traffic
should move through promiscuous port.
A private Vlan allows only traffic to the
isolated port which are coming from its associated promiscuous port.
Community port –
Its part of Secondary Vlan. Port in community VLAN
can communicate with any other port with same community VLAN & also
associated with promiscuous port.
DMVPN
DMVPN is centralized management & implementation
and controller to all traffic which are coming from cooperate branches, it work
like Hub and Spoke.
There are 3 Phase in DMVPN
Phase-1
It provide Hub & Spoke and GRE tunnels only
should be built between the hub and spoke.
Packet destined to networks behind spokes is forced
to 1st traverse the hub.
Phase-2
It allowed spokes to build spoke-to-spoke tunnel so
this spoke can receive specific routes traffic from all remote spoke subnet.
Phase-3
It allowed spokes to build spoke-to-spoke tunnel and
its restriction phase-2 using NHRP traffic, so message can be indicate from the
hub to spokes and will reach to destination.
Nice notes!!
ReplyDelete